systembc | 6baa26e0f82719c4f8e763c7d7f584a925279fcf8c18644792a4a7091d5c64f0

Analysis

Target

313d1b2d4230e9de7f7bc5c3500b91a6.exe
Size

190KB
MD5

313d1b2d4230e9de7f7bc5c3500b91a6
SHA1

194a4887da7619e775434bc9bcd9fce30f112d68
SHA256

6baa26e0f82719c4f8e763c7d7f584a925279fcf8c18644792a4a7091d5c64f0
SHA512

e559f5d5f51692f4897b42b501c5ede260761897da7db17b81e8a4909a9d3a60df2e2827fb365950f6335abeeab5ec5badff2179734e8ca2fb318139db344681

Score

10^/10

systembc trojan

Family

systembc

91.209.70.71:4199

192.53.123.202:4199

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

313d1b2d4230e9de7f7bc5c3500b91a6.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	313d1b2d4230e9de7f7bc5c3500b91a6.exe
File opened for modification	C:\Windows\Tasks\wow64.job	313d1b2d4230e9de7f7bc5c3500b91a6.exe

C:\Users\Admin\AppData\Local\Temp\313d1b2d4230e9de7f7bc5c3500b91a6.exe
"C:\Users\Admin\AppData\Local\Temp\313d1b2d4230e9de7f7bc5c3500b91a6.exe"
1⤵
- Drops file in Windows directory
PID:3168

C:\Users\Admin\AppData\Local\Temp\313d1b2d4230e9de7f7bc5c3500b91a6.exe
C:\Users\Admin\AppData\Local\Temp\313d1b2d4230e9de7f7bc5c3500b91a6.exe start
1⤵
PID:3984

memory/3168-118-0x0000000002150000-0x0000000002156000-memory.dmp

Filesize
24KB

Download
memory/3168-119-0x0000000002160000-0x0000000002165000-memory.dmp

Filesize
20KB

Download
memory/3168-120-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3984-121-0x0000000000440000-0x000000000058A000-memory.dmp

Filesize
1.3MB

Download
memory/3984-123-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3984-122-0x0000000000440000-0x000000000058A000-memory.dmp

Filesize
1.3MB

Download