systembc | 6452af32887b676352a3c81057bd89385292f7660f01be8f1c102380cc415c5a | Triage

Sharing

General

Target

6452af32887b676352a3c81057bd89385292f7660f01be8f1c102380cc415c5a
Size

1005KB
Sample

241216-q1f4hs1rct
MD5

ea10363200a7a140a53a8f85e64fe25d
SHA1

a935f4a0ccde0b0297819da87bf56fa4accd37d3
SHA256

6452af32887b676352a3c81057bd89385292f7660f01be8f1c102380cc415c5a
SHA512

94f2dc86a89227096598e6f1f5f72d9129b58858da4cd1ae4e48e6ebe8604215641b82e0b7fa70e2363092f2cde85ce7bd6cc830e4508c857610fac7cafe160a
SSDEEP

24576:84t9IZNP9LIwKB6wuLjMixA298HC4YrX+yc3d:nmqwKEHD+fi4Y+ye

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Targets

- Target
  
  6452af32887b676352a3c81057bd89385292f7660f01be8f1c102380cc415c5a
- Size
  
  1005KB
- MD5
  
  ea10363200a7a140a53a8f85e64fe25d
- SHA1
  
  a935f4a0ccde0b0297819da87bf56fa4accd37d3
- SHA256
  
  6452af32887b676352a3c81057bd89385292f7660f01be8f1c102380cc415c5a
- SHA512
  
  94f2dc86a89227096598e6f1f5f72d9129b58858da4cd1ae4e48e6ebe8604215641b82e0b7fa70e2363092f2cde85ce7bd6cc830e4508c857610fac7cafe160a
- SSDEEP
  
  24576:84t9IZNP9LIwKB6wuLjMixA298HC4YrX+yc3d:nmqwKEHD+fi4Y+ye
Score

10^/10

discovery systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcdiscoverytrojan