Rewterz Threat Alert – SystemBC Malware

Rewterz Threat Alert – AveMaria RAT – Active IOCs

August 17, 2022

Rewterz Threat Alert – APT10 MenuPass – Active IOCs

August 17, 2022

Rewterz Threat Alert – SystemBC Malware – Active IOCs

Severity

Medium

Analysis Summary

SystemBC malware is recently being distributed through Emotet and SmokeLoader. The malware has been used in multiple ransomware attacks over the past few years. SystemBC acts as a Proxy Bot and if an infected system has SystemBC on it, then the system can be used as a passage to access the victim’s address. The earlier versions of the malware were distributed using Fallout exploit kit and RIG exploit kit. The 2020 version was used with Egregor or Ryuk-associated ransomware attacks. DarkSide ransomware group also used the malware. SystemBC is mainly used as a proxy and to download and install additional payloads. It might be installed in internal networks to perform the role of a proxy or download and execute malicious payloads.

Impact

Credential Theft
Information Theft
Financial Loss

Indicators of Compromise

MD5

210de21cbb8c42be3cad45f2741b16a6

SHA-256

5938c5aa6e1b709bdc709a95cb570c9f48309ac783d54208d679af10bbd1131c

SHA-1

836c4d71c7493464beb6ae190ca96edb02b819c3

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.