systembc | 341082f1ded57c304632b7607119183bb78ba76e1b492f3e4a706fd83c1bc13d | Triage

Sharing

General

Target

341082f1ded57c304632b7607119183bb78ba76e1b492f3e4a706fd83c1bc13d
Size

1006KB
Sample

241216-pv1eja1pfp
MD5

0630c2c8a8c85dca0b36513ad79967e8
SHA1

9dafbb4ef4c4ecbd78aa9f4c8f0260a8aba2baf4
SHA256

341082f1ded57c304632b7607119183bb78ba76e1b492f3e4a706fd83c1bc13d
SHA512

2e200220d5b8ab644274af62de19b36c502ca8c6e9a450e2ac61c8f5cce20a45d73200d4d8f45b1b45a4b3a645c103a61110d5f4273783f06ccabe6f1c407350
SSDEEP

24576:W0RHvPoU6t/Wn5z09zDxeXTMT9m2OyzUYc:lHvB+QmzoIZ3Bw

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Targets

- Target
  
  341082f1ded57c304632b7607119183bb78ba76e1b492f3e4a706fd83c1bc13d
- Size
  
  1006KB
- MD5
  
  0630c2c8a8c85dca0b36513ad79967e8
- SHA1
  
  9dafbb4ef4c4ecbd78aa9f4c8f0260a8aba2baf4
- SHA256
  
  341082f1ded57c304632b7607119183bb78ba76e1b492f3e4a706fd83c1bc13d
- SHA512
  
  2e200220d5b8ab644274af62de19b36c502ca8c6e9a450e2ac61c8f5cce20a45d73200d4d8f45b1b45a4b3a645c103a61110d5f4273783f06ccabe6f1c407350
- SSDEEP
  
  24576:W0RHvPoU6t/Wn5z09zDxeXTMT9m2OyzUYc:lHvB+QmzoIZ3Bw
Score

10^/10

discovery systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcdiscoverytrojan