systembc | d44096417899cb12d0fe2db404a01bb3294d309dda9e7487cbaa0699c3b457fd | Triage

Sharing

General

Target

JaffaCakes118_d44096417899cb12d0fe2db404a01bb3294d309dda9e7487cbaa0699c3b457fd
Size

795.6MB
Sample

241222-k8g3wsspdq
MD5

490cef9b9ed2ff8aafa7ddd3d11d4160
SHA1

8a9592214c2486df6c6074a71c01f29e2572caf1
SHA256

d44096417899cb12d0fe2db404a01bb3294d309dda9e7487cbaa0699c3b457fd
SHA512

8eb4b718a9affb488d8974ceab892b79642fff33d3044feb0cdb7e28e3fdc7e90538d3342a2e853974cf97c3b15a72f4c81f00691e2e2a1c01ff1b714d04a4f0
SSDEEP

49152:ocyNPK4Y1UJLBfIjNC3OIFjtSuiQpVKBuW:Mi/1UDfv317KBuW

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

45.81.225.72:4001

192.168.1.149:4001

Targets

- Target
  
  JaffaCakes118_d44096417899cb12d0fe2db404a01bb3294d309dda9e7487cbaa0699c3b457fd
- Size
  
  795.6MB
- MD5
  
  490cef9b9ed2ff8aafa7ddd3d11d4160
- SHA1
  
  8a9592214c2486df6c6074a71c01f29e2572caf1
- SHA256
  
  d44096417899cb12d0fe2db404a01bb3294d309dda9e7487cbaa0699c3b457fd
- SHA512
  
  8eb4b718a9affb488d8974ceab892b79642fff33d3044feb0cdb7e28e3fdc7e90538d3342a2e853974cf97c3b15a72f4c81f00691e2e2a1c01ff1b714d04a4f0
- SSDEEP
  
  49152:ocyNPK4Y1UJLBfIjNC3OIFjtSuiQpVKBuW:Mi/1UDfv317KBuW
Score

10^/10

systembc discovery trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdiscoverytrojan

behavioral2

systembcdiscoverytrojan