systembc | 490c603f0ed1e224b7589358ab78a03dd109e4f69b67b12ff0645bb7e083a20a | Triage

Sharing

General

Target

490c603f0ed1e224b7589358ab78a03dd109e4f69b67b12ff0645bb7e083a20a
Size

2.2MB
Sample

250219-hxhh6ssks9
MD5

dedb8ce49e5f1f00640bf0b87cb8dbdb
SHA1

2d88f6f8e27604810bfecc78d334362bf2d1cda0
SHA256

490c603f0ed1e224b7589358ab78a03dd109e4f69b67b12ff0645bb7e083a20a
SHA512

2452546bbdcb32c63ac00833c416c68136b5e2fb69a278314659176512b5f4cb8380d9435e40fd8087da44c43524ac5a233b37a343997a909f33d6b6f0b1d094
SSDEEP

49152:VFCN368IYHAdu3EveTbSJfpjwIsRBnqTPweLJ2GbWi9sYS1HfDxwAlPjJvLRUFt3:VFCN368IYHAdu3EveTbSJfpjwIsRBnqp

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes

dns
5.132.191.104

Targets

- Target
  
  490c603f0ed1e224b7589358ab78a03dd109e4f69b67b12ff0645bb7e083a20a
- Size
  
  2.2MB
- MD5
  
  dedb8ce49e5f1f00640bf0b87cb8dbdb
- SHA1
  
  2d88f6f8e27604810bfecc78d334362bf2d1cda0
- SHA256
  
  490c603f0ed1e224b7589358ab78a03dd109e4f69b67b12ff0645bb7e083a20a
- SHA512
  
  2452546bbdcb32c63ac00833c416c68136b5e2fb69a278314659176512b5f4cb8380d9435e40fd8087da44c43524ac5a233b37a343997a909f33d6b6f0b1d094
- SSDEEP
  
  49152:VFCN368IYHAdu3EveTbSJfpjwIsRBnqTPweLJ2GbWi9sYS1HfDxwAlPjJvLRUFt3:VFCN368IYHAdu3EveTbSJfpjwIsRBnqp
Score

10^/10

discovery systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcdiscoverytrojan