systembc | 30fee1328110552c83645241f3ebbfb3e743182c9c08d5259cec20941c5c0f4a | Triage

Sharing

General

Target

30fee1328110552c83645241f3ebbfb3e743182c9c08d5259cec20941c5c0f4a.exe
Size

1.2MB
Sample

250119-cm6v5asphl
MD5

a50e232d3a5a725cf8324977ce2cc2ec
SHA1

6f663cc2a2df04cab4e84048674d118742bf9b55
SHA256

30fee1328110552c83645241f3ebbfb3e743182c9c08d5259cec20941c5c0f4a
SHA512

60b4f15cfeaaa1dd3ffbbb7efc5750272c26d658767ca4d4e493d8c437a222502ec6f017b96155a80d6e9f7f54835880ff7018169ee24856b9c64befca7f06ef
SSDEEP

24576:1dMkfr422JUVryvPAD37f3rZzKbCHS6F+dbAdpBzahM:zfrJWEyvPAnf3rZWmyIy

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Targets

- Target
  
  30fee1328110552c83645241f3ebbfb3e743182c9c08d5259cec20941c5c0f4a.exe
- Size
  
  1.2MB
- MD5
  
  a50e232d3a5a725cf8324977ce2cc2ec
- SHA1
  
  6f663cc2a2df04cab4e84048674d118742bf9b55
- SHA256
  
  30fee1328110552c83645241f3ebbfb3e743182c9c08d5259cec20941c5c0f4a
- SHA512
  
  60b4f15cfeaaa1dd3ffbbb7efc5750272c26d658767ca4d4e493d8c437a222502ec6f017b96155a80d6e9f7f54835880ff7018169ee24856b9c64befca7f06ef
- SSDEEP
  
  24576:1dMkfr422JUVryvPAD37f3rZzKbCHS6F+dbAdpBzahM:zfrJWEyvPAnf3rZWmyIy
Score

10^/10

discovery systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcdiscoverytrojan