systembc | 9b1fb523aeaca79304a5433fdc73c03990472b5d7c1c91d083bc02ab1da1c19b | Triage

Sharing

General

Target

9b1fb523aeaca79304a5433fdc73c03990472b5d7c1c91d083bc02ab1da1c19b.exe
Size

1.2MB
Sample

250120-e6931a1rcj
MD5

f6277d7b1dcb39f529aaac9a003627c0
SHA1

a5813a4dbfd9d7367cfe875bebcad45282ade021
SHA256

9b1fb523aeaca79304a5433fdc73c03990472b5d7c1c91d083bc02ab1da1c19b
SHA512

8118252b7f691163e4e79ca94c84481c6cc3c0fe03da5e824294d3d03abe1dc14cc693f1cfe43c08d414e309eb6ea26be2cc7ededef9e48ad1ff172278ec92bc
SSDEEP

24576:HZor7p//S/i/APxZoU1lEmkmoQ3kS+G3ataIH8vXXpx+:6r9MxD5QmkmH3v3MP8vpo

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Targets

- Target
  
  9b1fb523aeaca79304a5433fdc73c03990472b5d7c1c91d083bc02ab1da1c19b.exe
- Size
  
  1.2MB
- MD5
  
  f6277d7b1dcb39f529aaac9a003627c0
- SHA1
  
  a5813a4dbfd9d7367cfe875bebcad45282ade021
- SHA256
  
  9b1fb523aeaca79304a5433fdc73c03990472b5d7c1c91d083bc02ab1da1c19b
- SHA512
  
  8118252b7f691163e4e79ca94c84481c6cc3c0fe03da5e824294d3d03abe1dc14cc693f1cfe43c08d414e309eb6ea26be2cc7ededef9e48ad1ff172278ec92bc
- SSDEEP
  
  24576:HZor7p//S/i/APxZoU1lEmkmoQ3kS+G3ataIH8vXXpx+:6r9MxD5QmkmH3v3MP8vpo
Score

10^/10

discovery systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcdiscoverytrojan