systembc | d7c59a22446f1c200c078a6e38131c755e1869717b939fa54b53360af4d2a059 | Triage

Sharing

General

Target

01b4e5031bce630ff9a75984dbce65e4.exe
Size

1008KB
Sample

241216-prrm8a1pap
MD5

01b4e5031bce630ff9a75984dbce65e4
SHA1

026f9b1f04df0b009aa478a4a072da9f38d695dd
SHA256

d7c59a22446f1c200c078a6e38131c755e1869717b939fa54b53360af4d2a059
SHA512

4dfcea7f892e12b2ac0a87f79b93ff678beb57a7d71356b7fb733026e9c0941c906ba6ebf12bc7dfe3549bec5b60293dfde5170460f4e8e5fd2569fab41109bd
SSDEEP

24576:vUfq8GRMFzYAUHh/T7TWY9Ixm9pwwfUCK3NbKJa4MvB:42RMcpVswfj84YB

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Targets

- Target
  
  01b4e5031bce630ff9a75984dbce65e4.exe
- Size
  
  1008KB
- MD5
  
  01b4e5031bce630ff9a75984dbce65e4
- SHA1
  
  026f9b1f04df0b009aa478a4a072da9f38d695dd
- SHA256
  
  d7c59a22446f1c200c078a6e38131c755e1869717b939fa54b53360af4d2a059
- SHA512
  
  4dfcea7f892e12b2ac0a87f79b93ff678beb57a7d71356b7fb733026e9c0941c906ba6ebf12bc7dfe3549bec5b60293dfde5170460f4e8e5fd2569fab41109bd
- SSDEEP
  
  24576:vUfq8GRMFzYAUHh/T7TWY9Ixm9pwwfUCK3NbKJa4MvB:42RMcpVswfj84YB
Score

10^/10

discovery systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcdiscoverytrojan