systembc | 92f5e87abf9c56629ea18d38fd358c554842492ed2dd927f5da116312bb341e0 | Triage

Sharing

General

Target

92f5e87abf9c56629ea18d38fd358c554842492ed2dd927f5da116312bb341e0
Size

953KB
Sample

241216-p2b1hs1jgt
MD5

685315094a528c85b57e32fdd640b2c0
SHA1

5386ade339f9beac050875e91f1a068c7b28cc61
SHA256

92f5e87abf9c56629ea18d38fd358c554842492ed2dd927f5da116312bb341e0
SHA512

765087694c46a8a31a2b03aed21373b2c8879ae4d0ef0e7cc7768ddfd066b36289ac48f1dce346d6816a84419ad7bcd93ec32f16a57c38acf54b2dac4873986d
SSDEEP

24576:wkp3To+6N/Wnlz0BzxTQXzsTPS2iIzOYU5dRK:fp3vQyIzCwLrFCvd8

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Targets

- Target
  
  BlueMail.exe
- Size
  
  1006KB
- MD5
  
  0630c2c8a8c85dca0b36513ad79967e8
- SHA1
  
  9dafbb4ef4c4ecbd78aa9f4c8f0260a8aba2baf4
- SHA256
  
  341082f1ded57c304632b7607119183bb78ba76e1b492f3e4a706fd83c1bc13d
- SHA512
  
  2e200220d5b8ab644274af62de19b36c502ca8c6e9a450e2ac61c8f5cce20a45d73200d4d8f45b1b45a4b3a645c103a61110d5f4273783f06ccabe6f1c407350
- SSDEEP
  
  24576:W0RHvPoU6t/Wn5z09zDxeXTMT9m2OyzUYc:lHvB+QmzoIZ3Bw
Score

10^/10

discovery systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcdiscoverytrojan