systembc | f57aff01f0d6a36bddeb8e7bbf8b33874c47a58d7827399c823424866aee33dd

Analysis

Target

25bb7618c80b2f912790e7f54f898a5f.exe
Size

959KB
MD5

25bb7618c80b2f912790e7f54f898a5f
SHA1

96ffd62a194f6436592dd9a3c59fe9223bb72611
SHA256

f57aff01f0d6a36bddeb8e7bbf8b33874c47a58d7827399c823424866aee33dd
SHA512

d63fb34e6f6dd0d4ecde2bccf9ddb67c1516d4f4c82bce6f8479b0bfed6fafca7bd4b5f02b71859387f30ca432fc0c262df5e5739e6ba44b40f45b1e85c0e312

Score

10^/10

systembc trojan

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

wgbwbtw.exe

pid process

212 wgbwbtw.exe

pid	process
212	wgbwbtw.exe

Drops file in Windows directory 3 IoCs

Processes:

25bb7618c80b2f912790e7f54f898a5f.exewgbwbtw.exe

description	ioc	process
File opened for modification	C:\Windows\Tasks\wgbwbtw.job	25bb7618c80b2f912790e7f54f898a5f.exe
File created	C:\Windows\Tasks\ntckseltdmufoxirclu.job	wgbwbtw.exe
File created	C:\Windows\Tasks\wgbwbtw.job	25bb7618c80b2f912790e7f54f898a5f.exe

C:\Users\Admin\AppData\Local\Temp\25bb7618c80b2f912790e7f54f898a5f.exe
"C:\Users\Admin\AppData\Local\Temp\25bb7618c80b2f912790e7f54f898a5f.exe"
1⤵
- Drops file in Windows directory
PID:648

C:\ProgramData\nrha\wgbwbtw.exe
MD5
25bb7618c80b2f912790e7f54f898a5f

SHA1
96ffd62a194f6436592dd9a3c59fe9223bb72611

SHA256
f57aff01f0d6a36bddeb8e7bbf8b33874c47a58d7827399c823424866aee33dd

SHA512
d63fb34e6f6dd0d4ecde2bccf9ddb67c1516d4f4c82bce6f8479b0bfed6fafca7bd4b5f02b71859387f30ca432fc0c262df5e5739e6ba44b40f45b1e85c0e312

Download Submit
C:\ProgramData\nrha\wgbwbtw.exe
MD5
25bb7618c80b2f912790e7f54f898a5f

SHA1
96ffd62a194f6436592dd9a3c59fe9223bb72611

SHA256
f57aff01f0d6a36bddeb8e7bbf8b33874c47a58d7827399c823424866aee33dd

SHA512
d63fb34e6f6dd0d4ecde2bccf9ddb67c1516d4f4c82bce6f8479b0bfed6fafca7bd4b5f02b71859387f30ca432fc0c262df5e5739e6ba44b40f45b1e85c0e312

Download Submit