systembc | 6baa26e0f82719c4f8e763c7d7f584a925279fcf8c18644792a4a7091d5c64f0

Analysis

Target

313d1b2d4230e9de7f7bc5c3500b91a6.exe
Size

190KB
MD5

313d1b2d4230e9de7f7bc5c3500b91a6
SHA1

194a4887da7619e775434bc9bcd9fce30f112d68
SHA256

6baa26e0f82719c4f8e763c7d7f584a925279fcf8c18644792a4a7091d5c64f0
SHA512

e559f5d5f51692f4897b42b501c5ede260761897da7db17b81e8a4909a9d3a60df2e2827fb365950f6335abeeab5ec5badff2179734e8ca2fb318139db344681

Score

10^/10

systembc trojan

Family

systembc

91.209.70.71:4199

192.53.123.202:4199

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

313d1b2d4230e9de7f7bc5c3500b91a6.exe

description	ioc	process
File opened for modification	C:\Windows\Tasks\wow64.job	313d1b2d4230e9de7f7bc5c3500b91a6.exe
File created	C:\Windows\Tasks\wow64.job	313d1b2d4230e9de7f7bc5c3500b91a6.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1508 wrote to memory of 804	1508	taskeng.exe	313d1b2d4230e9de7f7bc5c3500b91a6.exe
PID 1508 wrote to memory of 804	1508	taskeng.exe	313d1b2d4230e9de7f7bc5c3500b91a6.exe
PID 1508 wrote to memory of 804	1508	taskeng.exe	313d1b2d4230e9de7f7bc5c3500b91a6.exe
PID 1508 wrote to memory of 804	1508	taskeng.exe	313d1b2d4230e9de7f7bc5c3500b91a6.exe

C:\Users\Admin\AppData\Local\Temp\313d1b2d4230e9de7f7bc5c3500b91a6.exe
"C:\Users\Admin\AppData\Local\Temp\313d1b2d4230e9de7f7bc5c3500b91a6.exe"
1⤵
- Drops file in Windows directory
PID:1156

C:\Windows\system32\taskeng.exe
taskeng.exe {893041EB-056A-4660-A2CA-4DEAF9EB2D8B} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Users\Admin\AppData\Local\Temp\313d1b2d4230e9de7f7bc5c3500b91a6.exe
  C:\Users\Admin\AppData\Local\Temp\313d1b2d4230e9de7f7bc5c3500b91a6.exe start
  2⤵
  PID:804

memory/804-59-0x0000000000000000-mapping.dmp

Download
memory/804-61-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1156-55-0x0000000076531000-0x0000000076533000-memory.dmp

Filesize
8KB

Download
memory/1156-57-0x00000000001C0000-0x00000000001C5000-memory.dmp

Filesize
20KB

Download
memory/1156-56-0x00000000001B0000-0x00000000001B6000-memory.dmp

Filesize
24KB

Download
memory/1156-58-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download