systembc | e3cb8ecc9db3aba3be4aa8e721b5415ec26437fd4c2d0768af692f7cc39ec12a | Triage

Sharing

General

Target

file.exe
Size

1.2MB
Sample

250119-wlv7sayqex
MD5

559321a213a4b595bf07b50e8c8dbb72
SHA1

06bc1922faa56c961b10170e04b9743cc326c521
SHA256

e3cb8ecc9db3aba3be4aa8e721b5415ec26437fd4c2d0768af692f7cc39ec12a
SHA512

76fb3cbf467b12c5852e2f6f230bd8de58c4ec96fbb1c1f813a9e6796abb5d394661098d02d70d7f7b61f1693ff3285fd6429c3f7182a4f066409f62d2bfd691
SSDEEP

24576:QViZKZpgKSpqLffqTlEVMjTUeasefzIwwZfImCQMFX023Eyp8uR:MZpgZqLqyKXlasuGImCjFXNC

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Targets

- Target
  
  file.exe
- Size
  
  1.2MB
- MD5
  
  559321a213a4b595bf07b50e8c8dbb72
- SHA1
  
  06bc1922faa56c961b10170e04b9743cc326c521
- SHA256
  
  e3cb8ecc9db3aba3be4aa8e721b5415ec26437fd4c2d0768af692f7cc39ec12a
- SHA512
  
  76fb3cbf467b12c5852e2f6f230bd8de58c4ec96fbb1c1f813a9e6796abb5d394661098d02d70d7f7b61f1693ff3285fd6429c3f7182a4f066409f62d2bfd691
- SSDEEP
  
  24576:QViZKZpgKSpqLffqTlEVMjTUeasefzIwwZfImCQMFX023Eyp8uR:MZpgZqLqyKXlasuGImCjFXNC
Score

10^/10

discovery systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcdiscoverytrojan