systembc | c477f22f36f0c7e272e694e0e630996f6bfdbf5ba93296dabe63581ab8ca96f6 | Triage

Sharing

General

Target

c477f22f36f0c7e272e694e0e630996f6bfdbf5ba93296dabe63581ab8ca96f6.exe
Size

1.2MB
Sample

250120-fcrj8s1rfs
MD5

c306310f6b7674b64e7c48e46d480509
SHA1

0e75e48e8e63f081ee79aaf3bc70004d40f00b08
SHA256

c477f22f36f0c7e272e694e0e630996f6bfdbf5ba93296dabe63581ab8ca96f6
SHA512

73a7035def27aa1fc7748e5f25d98c569534e7bb8c5d65731fcf2ae26e6a2101e635f26548f7b759fcc0bc5b5f32a0f9f0888e51e03f7287ed67feef625ff711
SSDEEP

24576:Oua4nde8YqNMGmKhQBgliNDaKiky+YacnExAOYbyp:LoWqfgliNDafthacnqAOj

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Targets

- Target
  
  c477f22f36f0c7e272e694e0e630996f6bfdbf5ba93296dabe63581ab8ca96f6.exe
- Size
  
  1.2MB
- MD5
  
  c306310f6b7674b64e7c48e46d480509
- SHA1
  
  0e75e48e8e63f081ee79aaf3bc70004d40f00b08
- SHA256
  
  c477f22f36f0c7e272e694e0e630996f6bfdbf5ba93296dabe63581ab8ca96f6
- SHA512
  
  73a7035def27aa1fc7748e5f25d98c569534e7bb8c5d65731fcf2ae26e6a2101e635f26548f7b759fcc0bc5b5f32a0f9f0888e51e03f7287ed67feef625ff711
- SSDEEP
  
  24576:Oua4nde8YqNMGmKhQBgliNDaKiky+YacnExAOYbyp:LoWqfgliNDafthacnqAOj
Score

10^/10

discovery systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcdiscoverytrojan