systembc | 1b1d3d6ce262d1fcef892931d10e7dd77963c0d4a8134b73dc49eced853c29e5 | Triage

Analysis

max time kernel
117s
max time network
157s
platform
windows10_x64
resource
win10-en-20210920
submitted
28-10-2021 10:39

Sharing

Report Analysis Logs

General

Target

ec77832d45fd52331dc4a1c243b1a707.exe
Size

174KB
MD5

ec77832d45fd52331dc4a1c243b1a707
SHA1

f3dc139d71b653280b7842e56f2d0845a4316616
SHA256

1b1d3d6ce262d1fcef892931d10e7dd77963c0d4a8134b73dc49eced853c29e5
SHA512

cc00c7225a892eed4a195cbfea7c648f0287c53cf82d4acdacb8f260e46ff8a3ede75c4d0bf2470fc089bf5be6db7a36b58cd0f56651e969ac13c78e0378e2ca

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

185.173.39.49:4001

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

ec77832d45fd52331dc4a1c243b1a707.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	ec77832d45fd52331dc4a1c243b1a707.exe
File opened for modification	C:\Windows\Tasks\wow64.job	ec77832d45fd52331dc4a1c243b1a707.exe

C:\Users\Admin\AppData\Local\Temp\ec77832d45fd52331dc4a1c243b1a707.exe
"C:\Users\Admin\AppData\Local\Temp\ec77832d45fd52331dc4a1c243b1a707.exe"
1⤵
- Drops file in Windows directory
PID:704

C:\Users\Admin\AppData\Local\Temp\ec77832d45fd52331dc4a1c243b1a707.exe
C:\Users\Admin\AppData\Local\Temp\ec77832d45fd52331dc4a1c243b1a707.exe start
1⤵
PID:4396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/704-117-0x00000000001C0000-0x00000000001C5000-memory.dmp

Filesize
20KB

Download
memory/704-118-0x0000000000400000-0x0000000002EF1000-memory.dmp

Filesize
42.9MB

Download
memory/704-116-0x0000000000030000-0x0000000000036000-memory.dmp

Filesize
24KB

Download
memory/4396-119-0x0000000000400000-0x0000000002EF1000-memory.dmp

Filesize
42.9MB

Download