systembc | 007585f948d9b37143906f1ded66250c7234fbfd65ff9d91b251632340389219 | Triage

Sharing

General

Target

007585f948d9b37143906f1ded66250c7234fbfd65ff9d91b251632340389219
Size

1.1MB
Sample

241216-p5lzws1rcm
MD5

6763ecebb557237980b32c8a5872bae0
SHA1

69d6500dabfe1d27fcf2586dff0cb8d51057c1fd
SHA256

007585f948d9b37143906f1ded66250c7234fbfd65ff9d91b251632340389219
SHA512

09e063dde5da8e4032e0c691921f667d00d7d47766b5cf62b5d4f17cb83bc5c989c32eae9ed075a5d182ed3ecd9e89cd805722f7cf629ae2d5dc91542effa867
SSDEEP

24576:TA6JVOI4Ltgdc2fNjIu0W8lJDebGjNOvEER9Fsr/zwRC:T3OI4xKcaj4Wee2sjY

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Targets

- Target
  
  007585f948d9b37143906f1ded66250c7234fbfd65ff9d91b251632340389219
- Size
  
  1.1MB
- MD5
  
  6763ecebb557237980b32c8a5872bae0
- SHA1
  
  69d6500dabfe1d27fcf2586dff0cb8d51057c1fd
- SHA256
  
  007585f948d9b37143906f1ded66250c7234fbfd65ff9d91b251632340389219
- SHA512
  
  09e063dde5da8e4032e0c691921f667d00d7d47766b5cf62b5d4f17cb83bc5c989c32eae9ed075a5d182ed3ecd9e89cd805722f7cf629ae2d5dc91542effa867
- SSDEEP
  
  24576:TA6JVOI4Ltgdc2fNjIu0W8lJDebGjNOvEER9Fsr/zwRC:T3OI4xKcaj4Wee2sjY
Score

10^/10

discovery systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcdiscoverytrojan