systembc | d98d8488c405182e03c95b78692ca0bab65ade4838042aae4b3f0de662495ed3 | Triage

Sharing

General

Target

kzTq7Bt.exe
Size

1.7MB
Sample

250215-vfxb8avkfy
MD5

35be87c37074612e552d655637c59a0f
SHA1

d97b62245300b82004df138404e1863f7923de5c
SHA256

d98d8488c405182e03c95b78692ca0bab65ade4838042aae4b3f0de662495ed3
SHA512

7c5862ce057d1b38c3ea836f78585efb4c6c914aea1ac5e2ac757525d33f092a3e4f76c7ae7433df3d4995d3bbe6fe99728653123dbcf5bcb1f8d20badab34fa
SSDEEP

49152:82DaBnPGGeftb0jn+yMVR6n9rMZzpornZoV:8LBP9ef9xrR6n9Ezpoq

Score

10^/10

systembc defense_evasion discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Extracted

Credentials

Protocol: smtp
Host:
alpha-se.co.th
Port:
587
Username:
[email protected]
Password:
Pvp1999

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.com
Port:
587
Username:
[email protected]
Password:
fatdog117

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.net
Port:
587
Username:
[email protected]
Password:
73357335

Extracted

Credentials

Protocol: smtp
Host:
smtp.netzero.com
Port:
587
Username:
[email protected]
Password:
whatt1

Extracted

Credentials

Protocol: smtp
Host:
smtp.ic24.net
Port:
587
Username:
[email protected]
Password:
Siemens1

Extracted

Credentials

Protocol: smtp
Host:
smtp.totalise.co.uk
Port:
587
Username:
[email protected]
Password:
school

Extracted

Credentials

Protocol: smtp
Host:
smtp.madasafish.com
Port:
587
Username:
[email protected]
Password:
bluewater1

Extracted

Credentials

Protocol: smtp
Host:
mail.mcstokes.co.uk
Port:
587
Username:
[email protected]
Password:
Holiday1

Extracted

Credentials

Protocol: smtp
Host:
fai1.menara.ma
Port:
587
Username:
[email protected]
Password:
sysmarket

Extracted

Credentials

Protocol: smtp
Host:
smtp.resolveaudiovisuals.com.au
Port:
587
Username:
[email protected]
Password:
535Ellison!

Targets

- Target
  
  kzTq7Bt.exe
- Size
  
  1.7MB
- MD5
  
  35be87c37074612e552d655637c59a0f
- SHA1
  
  d97b62245300b82004df138404e1863f7923de5c
- SHA256
  
  d98d8488c405182e03c95b78692ca0bab65ade4838042aae4b3f0de662495ed3
- SHA512
  
  7c5862ce057d1b38c3ea836f78585efb4c6c914aea1ac5e2ac757525d33f092a3e4f76c7ae7433df3d4995d3bbe6fe99728653123dbcf5bcb1f8d20badab34fa
- SSDEEP
  
  49152:82DaBnPGGeftb0jn+yMVR6n9rMZzpornZoV:8LBP9ef9xrR6n9Ezpoq
Score

10^/10

systembc defense_evasion discovery trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdefense_evasiondiscoverytrojan

behavioral2

systembcdefense_evasiondiscoverytrojan