SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks
Jan 25, 2024
Remote Access Trojan
Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC.

"SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP," Kroll said in an analysis published last week.

The risk and financial advisory solutions provider said it has witnessed an increase in the use of the malware throughout Q2 and Q3 2023.

SystemBC, first observed in the wild in 2018, allows threat actors to remotely control a compromised host and deliver additional payloads, including trojans, Cobalt Strike, and ransomware. It also supports launching ancillary modules on the fly to expand its core functionality.

A standout aspect of the malware is its use of SOCKS5 proxies to mask network traffic to and from C2 infrastructure, acting as a persistent access mechanism for post-
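The SOCKS5 negotiation that such a proxy implant performs is a protocol artifact a defender can look for in captured traffic. The Python below is an added example, not code from the article or from Kroll's analysis: it parses the client side of a SOCKS5 handshake as defined in RFC 1928 (the method-selection greeting followed by a CONNECT, BIND or UDP ASSOCIATE request) and reports the destination being tunneled, together with a flag for a server port other than the IANA-registered 1080. The byte strings are constructed for illustration, and the function names and the port-1080 heuristic are assumptions of the example. It only applies where the handshake is carried in cleartext; the article does not say whether SystemBC wraps its proxy traffic in its own encryption.

```python
import ipaddress
import struct

SOCKS_VERSION = 0x05
REGISTERED_SOCKS_PORT = 1080  # assumption: anything else is flagged as non-standard
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}
AUTH_METHODS = {0x00: "NO_AUTH", 0x01: "GSSAPI", 0x02: "USERNAME_PASSWORD"}


def parse_greeting(data: bytes):
    """Parse the client method-selection message: VER | NMETHODS | METHODS.

    Returns the offered auth methods and the number of bytes consumed,
    or None if the bytes are not a well-formed SOCKS5 greeting.
    """
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        return None
    nmethods = data[1]
    if nmethods == 0 or len(data) < 2 + nmethods:
        return None
    methods = [AUTH_METHODS.get(m, f"0x{m:02x}") for m in data[2:2 + nmethods]]
    return {"methods": methods, "consumed": 2 + nmethods}


def parse_request(data: bytes):
    """Parse the client request: VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT.

    Handles IPv4 (0x01), domain name (0x03) and IPv6 (0x04) address types.
    Every length check is explicit so a truncated or hostile buffer yields
    None instead of an exception.
    """
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        return None
    cmd, atyp = data[1], data[3]
    if cmd not in COMMANDS:
        return None
    off = 4
    if atyp == 0x01:  # IPv4, 4 raw bytes
        if len(data) < off + 4:
            return None
        host = str(ipaddress.IPv4Address(data[off:off + 4]))
        off += 4
    elif atyp == 0x03:  # domain name, length-prefixed
        if len(data) < off + 1:
            return None
        n = data[off]
        off += 1
        if n == 0 or len(data) < off + n:
            return None
        host = data[off:off + n].decode("ascii", "replace")
        off += n
    elif atyp == 0x04:  # IPv6, 16 raw bytes
        if len(data) < off + 16:
            return None
        host = str(ipaddress.IPv6Address(data[off:off + 16]))
        off += 16
    else:
        return None
    if len(data) < off + 2:
        return None
    (port,) = struct.unpack("!H", data[off:off + 2])  # network byte order
    off += 2
    return {"command": COMMANDS[cmd], "host": host, "port": port, "consumed": off}


def inspect_client_stream(data: bytes, server_port: int):
    """Reassembled client->server bytes of one TCP stream: greeting then request.

    Returns a summary a detection rule could act on, or None if the stream
    does not start with a SOCKS5 handshake.
    """
    greeting = parse_greeting(data)
    if greeting is None:
        return None
    request = parse_request(data[greeting["consumed"]:])
    if request is None:
        return None
    return {
        "server_port": server_port,
        "auth_methods": greeting["methods"],
        "command": request["command"],
        "destination": f"{request['host']}:{request['port']}",
        "nonstandard_port": server_port != REGISTERED_SOCKS_PORT,
    }


# Constructed samples (not captures from any real infrastructure).
# Greeting offering NO_AUTH, then CONNECT to example.com:443 by domain name.
SAMPLE_DOMAIN_STREAM = (
    b"\x05\x01\x00"
    + b"\x05\x01\x00\x03" + bytes([len(b"example.com")]) + b"example.com" + b"\x01\xbb"
)
# CONNECT to 192.168.0.10:8080 by IPv4 address (request only).
SAMPLE_IPV4_REQUEST = b"\x05\x01\x00\x01\xc0\xa8\x00\x0a\x1f\x90"
# First bytes of a TLS record, which must not be mistaken for SOCKS5.
SAMPLE_TLS_RECORD = b"\x16\x03\x01\x00\x05"

if __name__ == "__main__":
    print(inspect_client_stream(SAMPLE_DOMAIN_STREAM, 4001))
    print(parse_request(SAMPLE_IPV4_REQUEST))
    print(inspect_client_stream(SAMPLE_TLS_RECORD, 443))
```

In a real deployment the stream would come from a flow reassembler or a packet capture rather than inline constants; the point of the example is that the handshake is fixed-format and cheap to recognise on any port, so an implant listening on an unusual port does not hide the fact that it speaks SOCKS5.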