Overview

overview

10

Static

static

10

62b76c6b34...e5.exe

windows7_x64

10

62b76c6b34...e5.exe

windows10_x64

10

Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10-en
  • submitted
    17-09-2021 16:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62b76c6b344a690944da5a9348059f55f60ceded8f526b6c424d0ff43f8b74e5.exe

  • Size

    33KB

  • MD5

    8363135b1c443a979ccc232d67c4db6e

  • SHA1

    269208672fe7ea3a4d333fffb5ab4611d396053a

  • SHA256

    62b76c6b344a690944da5a9348059f55f60ceded8f526b6c424d0ff43f8b74e5

  • SHA512

    a8e395e77503d7e24145eec84ffd06c117482d378122d1748c60c4a3702d93174da6da87eafeb724e1a0776328ed45faf8c13d3fead476af6271e54028cf0fa7

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

websitetbox.com:4035

backupboxsite.com:4035

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\62b76c6b344a690944da5a9348059f55f60ceded8f526b6c424d0ff43f8b74e5.exe
    "C:\Users\Admin\AppData\Local\Temp\62b76c6b344a690944da5a9348059f55f60ceded8f526b6c424d0ff43f8b74e5.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:4636
  • C:\ProgramData\clwqdwq\bavm.exe
    C:\ProgramData\clwqdwq\bavm.exe start
    1⤵
    • Executes dropped EXE
    PID:4668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\clwqdwq\bavm.exe
    MD5

    8363135b1c443a979ccc232d67c4db6e

    SHA1

    269208672fe7ea3a4d333fffb5ab4611d396053a

    SHA256

    62b76c6b344a690944da5a9348059f55f60ceded8f526b6c424d0ff43f8b74e5

    SHA512

    a8e395e77503d7e24145eec84ffd06c117482d378122d1748c60c4a3702d93174da6da87eafeb724e1a0776328ed45faf8c13d3fead476af6271e54028cf0fa7

    Download Submit

  • C:\ProgramData\clwqdwq\bavm.exe
    MD5

    8363135b1c443a979ccc232d67c4db6e

    SHA1

    269208672fe7ea3a4d333fffb5ab4611d396053a

    SHA256

    62b76c6b344a690944da5a9348059f55f60ceded8f526b6c424d0ff43f8b74e5

    SHA512

    a8e395e77503d7e24145eec84ffd06c117482d378122d1748c60c4a3702d93174da6da87eafeb724e1a0776328ed45faf8c13d3fead476af6271e54028cf0fa7

    Download Submit