systembc | b05ae489ebc56747d5708c65b24c5c04dd452869ef03f855cad33d8123803476 | Triage

Sharing

General

Target

b05ae489ebc56747d5708c65b24c5c04dd452869ef03f855cad33d8123803476
Size

953KB
Sample

241216-n6q5kazkfv
MD5

34771726dc09e5f026d688589378736c
SHA1

9301220c0d79afb4da9813ce7d4c147c07159edf
SHA256

b05ae489ebc56747d5708c65b24c5c04dd452869ef03f855cad33d8123803476
SHA512

d9ec5bcf02e05f1855e3cbf95b3e5a60491d80e68071e606c72da9da2253cd60de2cd6a05d75a44155c1f17c1eee87df82457cf41667db5931f63ab7b3efef06
SSDEEP

24576:2kynRlUCqjmJCx9Ox1sQIm5UNLO9QIRNS0ffm:2kynfUmU4XN6I/j+

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Targets

- Target
  
  blueray.exe
- Size
  
  1006KB
- MD5
  
  40c22e416829906744c2e2d94b0fdf5e
- SHA1
  
  daa5651c1cd52872cacc5eeeb44bd7dddef6fea7
- SHA256
  
  32884fafa27c7be2061d9768881df825092c3a56346faee6e33e110467bc8127
- SHA512
  
  c825715f6ce2e445041e00301c0eb358a06633760a6d017754c4847b40dcc1269afc0cc5e35c8f6e7a38a4cc0c760ff687d3ce7f0e567804ab805a6c9c328885
- SSDEEP
  
  24576:z3rnRJ6EqzwJyxNcv5siIq5UNjiX8IRRx:PnH6Sg6XnSIvx
Score

10^/10

discovery systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcdiscoverytrojan