systembc | d5ea30279fc37436f63d3c6275aad6a2c8abdcd32e10888200fae3e986cb9626

Analysis

Target

e80b306acc8e716d906cdc517b64ca36.exe
Size

957KB
MD5

e80b306acc8e716d906cdc517b64ca36
SHA1

1955a7d549d010698ae87411655027b95ad806ce
SHA256

d5ea30279fc37436f63d3c6275aad6a2c8abdcd32e10888200fae3e986cb9626
SHA512

a454be1f398986791783193354657218e07d50c957144b79ccbd861a1989ed297fead21081e759ba4999ecef81b1ab2a5095bc1c1aa4b88179cd4d9a85a6c398

Score

10^/10

systembc trojan

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Executes dropped EXE 1 IoCs

Processes:

oqnhq.exe

pid process

3440 oqnhq.exe

pid	process
3440	oqnhq.exe

Drops file in Windows directory 2 IoCs

Processes:

e80b306acc8e716d906cdc517b64ca36.exe

description	ioc	process
File created	C:\Windows\Tasks\oqnhq.job	e80b306acc8e716d906cdc517b64ca36.exe
File opened for modification	C:\Windows\Tasks\oqnhq.job	e80b306acc8e716d906cdc517b64ca36.exe

C:\Users\Admin\AppData\Local\Temp\e80b306acc8e716d906cdc517b64ca36.exe
"C:\Users\Admin\AppData\Local\Temp\e80b306acc8e716d906cdc517b64ca36.exe"
1⤵
- Drops file in Windows directory
PID:972

C:\ProgramData\xfxtg\oqnhq.exe
C:\ProgramData\xfxtg\oqnhq.exe start
1⤵
- Executes dropped EXE
PID:3440

C:\ProgramData\xfxtg\oqnhq.exe
MD5
e80b306acc8e716d906cdc517b64ca36

SHA1
1955a7d549d010698ae87411655027b95ad806ce

SHA256
d5ea30279fc37436f63d3c6275aad6a2c8abdcd32e10888200fae3e986cb9626

SHA512
a454be1f398986791783193354657218e07d50c957144b79ccbd861a1989ed297fead21081e759ba4999ecef81b1ab2a5095bc1c1aa4b88179cd4d9a85a6c398

Download Submit
C:\ProgramData\xfxtg\oqnhq.exe
MD5
e80b306acc8e716d906cdc517b64ca36

SHA1
1955a7d549d010698ae87411655027b95ad806ce

SHA256
d5ea30279fc37436f63d3c6275aad6a2c8abdcd32e10888200fae3e986cb9626

SHA512
a454be1f398986791783193354657218e07d50c957144b79ccbd861a1989ed297fead21081e759ba4999ecef81b1ab2a5095bc1c1aa4b88179cd4d9a85a6c398

Download Submit