C2

Fileless

Windows

APT

SystemBC

SystemBC is malware written in C that turns infected computers into SOCKS5 proxies. The bot communicates with its command and control server over TCP using a custom binary protocol, with the traffic encrypted using RC4.

Known Variants

Customized per campaign

Mitigation Strategies

SystemBC is typically used as a proxy tool to hide communications between attackers and their infrastructure, so its presence usually means that other malicious activity is taking place in parallel. Defending against SystemBC requires monitoring network traffic for signs of proxy activity. Intrusion detection systems (IDS) should be used to identify and block traffic associated with SystemBC, and endpoint security tools should be updated regularly so that they recognize and block new variants.
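One concrete way to look for the proxy activity described above is to check the first bytes of new TCP sessions for a SOCKS5 handshake: a client greeting (version byte 0x05, a method count, and the method list) followed by a request (version, command, reserved byte, address type, destination, port), as defined in RFC 1928. The script below is an added example for this page, not SystemBC's own code or any vendor's detection rule; the flow records it runs over are constructed for illustration, and the addresses and port numbers in them are placeholders. It flags any internal host that is being handed SOCKS5 greetings or CONNECT requests on an arbitrary port, which is the behaviour of a host turned into a proxy.

```python
"""Flag TCP payloads that look like SOCKS5 proxy traffic (RFC 1928).

Added example, not code from the original page or from SystemBC itself.
The flow records at the bottom are constructed samples; the addresses
and ports are placeholders.
"""
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_NAMES = {1: "CONNECT", 2: "BIND", 3: "UDP_ASSOCIATE"}


def parse_socks5_greeting(payload: bytes):
    """Return the offered auth methods if payload is a SOCKS5 greeting, else None.

    Layout: VER(1)=0x05 | NMETHODS(1) | METHODS(NMETHODS)
    """
    if len(payload) < 2 or payload[0] != SOCKS_VERSION:
        return None
    nmethods = payload[1]
    if nmethods == 0 or len(payload) != 2 + nmethods:
        return None
    return list(payload[2:2 + nmethods])


def parse_socks5_request(payload: bytes):
    """Return (command, destination, port) if payload is a SOCKS5 request, else None.

    Layout: VER(1)=0x05 | CMD(1) | RSV(1)=0x00 | ATYP(1) | DST.ADDR | DST.PORT(2)
    ATYP 0x01 = IPv4 (4 bytes), 0x03 = domain (length byte + name), 0x04 = IPv6 (16 bytes)
    """
    if len(payload) < 4 or payload[0] != SOCKS_VERSION or payload[2] != 0:
        return None
    cmd, atyp = payload[1], payload[3]
    if cmd not in CMD_NAMES:
        return None
    body = payload[4:]
    if atyp == 0x01:
        addr_len = 4
        if len(body) != addr_len + 2:
            return None
        dst = str(ipaddress.IPv4Address(body[:4]))
    elif atyp == 0x04:
        addr_len = 16
        if len(body) != addr_len + 2:
            return None
        dst = str(ipaddress.IPv6Address(body[:16]))
    elif atyp == 0x03:
        if not body:
            return None
        addr_len = 1 + body[0]
        if len(body) != addr_len + 2:
            return None
        dst = body[1:addr_len].decode("ascii", errors="replace")
    else:
        return None
    port = struct.unpack("!H", body[addr_len:addr_len + 2])[0]
    return CMD_NAMES[cmd], dst, port


def classify_flow(flow: dict):
    """Label one flow record as a SOCKS5 greeting, a SOCKS5 request, or nothing of interest.

    flow = {"src": str, "dst": str, "dport": int, "payload": bytes}
    """
    methods = parse_socks5_greeting(flow["payload"])
    if methods is not None:
        return {"src": flow["src"], "dst": flow["dst"], "dport": flow["dport"],
                "kind": "socks5-greeting", "auth_methods": methods}
    req = parse_socks5_request(flow["payload"])
    if req is not None:
        cmd, target, port = req
        return {"src": flow["src"], "dst": flow["dst"], "dport": flow["dport"],
                "kind": "socks5-request", "cmd": cmd, "target": f"{target}:{port}"}
    return None


# Constructed sample flows: two carry SOCKS5 handshake bytes, the third is plain HTTP.
SAMPLE_FLOWS = [
    {"src": "203.0.113.7", "dst": "10.0.0.15", "dport": 4001,
     "payload": bytes([5, 1, 0])},                                   # greeting, no-auth only
    {"src": "203.0.113.7", "dst": "10.0.0.15", "dport": 4001,
     "payload": bytes([5, 1, 0, 1, 192, 0, 2, 10]) + struct.pack("!H", 443)},  # CONNECT 192.0.2.10:443
    {"src": "10.0.0.22", "dst": "10.0.0.15", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"},
]


def find_proxy_activity(flows=SAMPLE_FLOWS):
    """Return the SOCKS5 events found in a list of flow records."""
    return [event for event in map(classify_flow, flows) if event is not None]


if __name__ == "__main__":
    for event in find_proxy_activity():
        print(event)
```

In a real deployment the flow records would come from a packet capture or a network sensor that exposes the first payload bytes of each session; the value of the check is that a SOCKS5 request names the true destination, so a workstation accepting CONNECT requests on an unusual port stands out even when the bot's own C2 channel is RC4-encrypted and cannot be inspected directly.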

Targeted Industries or Sectors

SystemBC has been used across various sectors, including healthcare, finance, and education, often as part of ransomware or data exfiltration campaigns.

Associated Threat Actors

SystemBC is used by multiple ransomware groups, including the notorious Ryuk and Conti gangs, as a critical tool to evade detection and extend their attack campaigns.
