Overview

overview

10

Static

static

10

195fa07b1f...in.exe

windows7_x64

10

195fa07b1f...in.exe

windows10_x64

10

Analysis

  • max time kernel
    97s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    15-03-2021 15:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    195fa07b1f6fc1c8d4fab943f3b795beeb8cf44495e6e1cedfe0acbeb8a033a1.bin.exe

  • Size

    30KB

  • MD5

    9e59c1246f4cb952549c2d12f32208cd

  • SHA1

    6412f4e284a1d5fb720f4e1a9d1e08b5bf7a9e5d

  • SHA256

    195fa07b1f6fc1c8d4fab943f3b795beeb8cf44495e6e1cedfe0acbeb8a033a1

  • SHA512

    2bbdc436a10792aeda2773466c08f919864c23e1503a8964b10990bd16a45054e0ed179d07872959a1eb6552a14a8f730ac6c44f9278057e732ee08c6e3ec494

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

104.217.8.100:5050

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\195fa07b1f6fc1c8d4fab943f3b795beeb8cf44495e6e1cedfe0acbeb8a033a1.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\195fa07b1f6fc1c8d4fab943f3b795beeb8cf44495e6e1cedfe0acbeb8a033a1.bin.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1204
  • C:\ProgramData\fjfbvok\lsistv.exe
    C:\ProgramData\fjfbvok\lsistv.exe start
    1⤵
    • Executes dropped EXE
    PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\fjfbvok\lsistv.exe
    MD5

    9e59c1246f4cb952549c2d12f32208cd

    SHA1

    6412f4e284a1d5fb720f4e1a9d1e08b5bf7a9e5d

    SHA256

    195fa07b1f6fc1c8d4fab943f3b795beeb8cf44495e6e1cedfe0acbeb8a033a1

    SHA512

    2bbdc436a10792aeda2773466c08f919864c23e1503a8964b10990bd16a45054e0ed179d07872959a1eb6552a14a8f730ac6c44f9278057e732ee08c6e3ec494

    Download Submit
  • C:\ProgramData\fjfbvok\lsistv.exe
    MD5

    9e59c1246f4cb952549c2d12f32208cd

    SHA1

    6412f4e284a1d5fb720f4e1a9d1e08b5bf7a9e5d

    SHA256

    195fa07b1f6fc1c8d4fab943f3b795beeb8cf44495e6e1cedfe0acbeb8a033a1

    SHA512

    2bbdc436a10792aeda2773466c08f919864c23e1503a8964b10990bd16a45054e0ed179d07872959a1eb6552a14a8f730ac6c44f9278057e732ee08c6e3ec494

    Download Submit