systembc | e90fa8b16a3e943baf7882ce978b4903c3012be94370e99eb0560bb8e970d682

General

Target

5350c1492b2359b71a31ba103cc19b4f.exe
Size

886KB
MD5

5350c1492b2359b71a31ba103cc19b4f
SHA1

67b81cec1269523057aac6db028b33955bffc735
SHA256

e90fa8b16a3e943baf7882ce978b4903c3012be94370e99eb0560bb8e970d682
SHA512

6d0c70987524b698bf7e8cb78cfa247078810938535ff569dd9691ed6d5e8fbea703bf62180e07e624fda13c732db226d3f2231c48e3c698e5338cfb5f253f80

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

88.198.147.80:4174

78.47.64.46:4174

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

vfjn.exevfjn.exe

pid process

2116 vfjn.exe
3168 vfjn.exe

pid	process
2116	vfjn.exe
3168	vfjn.exe

Drops file in Windows directory 5 IoCs

Processes:

5350c1492b2359b71a31ba103cc19b4f.exe5350c1492b2359b71a31ba103cc19b4f.exevfjn.exe

description	ioc	process
File opened for modification	C:\Windows\Tasks\wow64.job	5350c1492b2359b71a31ba103cc19b4f.exe
File created	C:\Windows\Tasks\jqeinadjdjoicvnuojb.job	5350c1492b2359b71a31ba103cc19b4f.exe
File created	C:\Windows\Tasks\wow64.job	vfjn.exe
File opened for modification	C:\Windows\Tasks\wow64.job	vfjn.exe
File created	C:\Windows\Tasks\wow64.job	5350c1492b2359b71a31ba103cc19b4f.exe

C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe
"C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe"
1⤵
- Drops file in Windows directory
PID:1040

C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe
C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe start
1⤵
- Drops file in Windows directory
PID:700

C:\Windows\TEMP\vfjn.exe
C:\Windows\TEMP\vfjn.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2116

C:\Windows\TEMP\vfjn.exe
C:\Windows\TEMP\vfjn.exe start
1⤵
- Executes dropped EXE
PID:3168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\TEMP\vfjn.exe
MD5
5fc8b735442c0761d95300c3ab2cd3f1

SHA1
0c68b66cd251825596f6a9dbcd9cd664401012c8

SHA256
36373b5af4c8b64bff18ae7d2079da5b3cfb6371def687327d9487adb0de345d

SHA512
a49c999e918a1a68ef64bb4ea3d57c4be1a3e1a35ebb4fb603291dc78b45a408202bd40d95b0adb382ae82fffb30d5ce7ffec11db4b108199d62c77d3b6fe797

Download Submit
C:\Windows\Tasks\wow64.job
MD5
c450e629fb39772eae20a811575d809c

SHA1
f83a58f686eb00e07d7d0cf7dc1b74ebcaea6f30

SHA256
41136aaf59bff0558116cc851dee62d76d472c8d0cdcf81753529da7123e36a3

SHA512
e8cce4d552ab9d56fdac5ee903970e9b4ce164281d3a191fe0ed5c53a6c46d0f3cdbfb019b9534f5d4d19ca5ff00360bf3eb0de3d1f77e0d566711a22d7d3d0e

Download Submit
C:\Windows\Temp\vfjn.exe
MD5
5fc8b735442c0761d95300c3ab2cd3f1

SHA1
0c68b66cd251825596f6a9dbcd9cd664401012c8

SHA256
36373b5af4c8b64bff18ae7d2079da5b3cfb6371def687327d9487adb0de345d

SHA512
a49c999e918a1a68ef64bb4ea3d57c4be1a3e1a35ebb4fb603291dc78b45a408202bd40d95b0adb382ae82fffb30d5ce7ffec11db4b108199d62c77d3b6fe797

Download Submit
C:\Windows\Temp\vfjn.exe
MD5
5fc8b735442c0761d95300c3ab2cd3f1

SHA1
0c68b66cd251825596f6a9dbcd9cd664401012c8

SHA256
36373b5af4c8b64bff18ae7d2079da5b3cfb6371def687327d9487adb0de345d

SHA512
a49c999e918a1a68ef64bb4ea3d57c4be1a3e1a35ebb4fb603291dc78b45a408202bd40d95b0adb382ae82fffb30d5ce7ffec11db4b108199d62c77d3b6fe797

Download Submit
memory/700-117-0x00000000001D0000-0x00000000001F3000-memory.dmp

Filesize
140KB

Download
memory/700-119-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/1040-114-0x0000000000560000-0x000000000060E000-memory.dmp

Filesize
696KB

Download
memory/1040-116-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/1040-115-0x0000000002280000-0x0000000002285000-memory.dmp

Filesize
20KB

Download
memory/2116-123-0x00000000001D0000-0x00000000001F3000-memory.dmp

Filesize
140KB

Download
memory/2116-125-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/3168-128-0x0000000000590000-0x000000000063E000-memory.dmp

Filesize
696KB

Download
memory/3168-129-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/3168-127-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing