Analysis
-
max time kernel
121s -
max time network
157s -
platform
windows10_x64 -
resource
win10-en-20211104 -
submitted
06-11-2021 19:07
General
-
Target
6baa26e0f82719c4f8e763c7d7f584a925279fcf8c18644792a4a7091d5c64f0.exe
-
Size
190KB
-
MD5
313d1b2d4230e9de7f7bc5c3500b91a6
-
SHA1
194a4887da7619e775434bc9bcd9fce30f112d68
-
SHA256
6baa26e0f82719c4f8e763c7d7f584a925279fcf8c18644792a4a7091d5c64f0
-
SHA512
e559f5d5f51692f4897b42b501c5ede260761897da7db17b81e8a4909a9d3a60df2e2827fb365950f6335abeeab5ec5badff2179734e8ca2fb318139db344681
Score
10/10
Malware Config
Extracted
Family
systembc
C2
91.209.70.71:4199
192.53.123.202:4199
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Drops file in Windows directory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6baa26e0f82719c4f8e763c7d7f584a925279fcf8c18644792a4a7091d5c64f0.exe"C:\Users\Admin\AppData\Local\Temp\6baa26e0f82719c4f8e763c7d7f584a925279fcf8c18644792a4a7091d5c64f0.exe"1⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\6baa26e0f82719c4f8e763c7d7f584a925279fcf8c18644792a4a7091d5c64f0.exeC:\Users\Admin\AppData\Local\Temp\6baa26e0f82719c4f8e763c7d7f584a925279fcf8c18644792a4a7091d5c64f0.exe start1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2724-119-0x0000000002160000-0x0000000002165000-memory.dmpFilesize
20KB
-
memory/2724-118-0x0000000002150000-0x0000000002156000-memory.dmpFilesize
24KB
-
memory/2724-120-0x0000000000400000-0x000000000043A000-memory.dmpFilesize
232KB
-
memory/3692-121-0x0000000000540000-0x000000000068A000-memory.dmpFilesize
1.3MB
-
memory/3692-122-0x0000000000400000-0x000000000043A000-memory.dmpFilesize
232KB