systembc | 67b9f1191173ac067c5b021228a7aeb57084b06a77781c98de4377381afd97d3 | Triage

Analysis

max time kernel
110s
max time network
142s
platform
windows10_x64
resource
win10-en-20211014
submitted
07-11-2021 14:06

Sharing

Report Analysis Logs

General

Target

67b9f1191173ac067c5b021228a7aeb57084b06a77781c98de4377381afd97d3.exe
Size

256KB
MD5

7955ca3468136c1b409fa0d68d5ce81c
SHA1

951231c1c92dac6c12c05a45598f16aea5674873
SHA256

67b9f1191173ac067c5b021228a7aeb57084b06a77781c98de4377381afd97d3
SHA512

2a4d6caa955108545357f923a34d1e08a1bd8635c775ff0bf8de44ddb1300903112828562deddb0de914844bede4840dde9479ca8e7ab1d30034c37de5cdbdc0

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

91.209.70.71:4199

192.53.123.202:4199

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

67b9f1191173ac067c5b021228a7aeb57084b06a77781c98de4377381afd97d3.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	67b9f1191173ac067c5b021228a7aeb57084b06a77781c98de4377381afd97d3.exe
File opened for modification	C:\Windows\Tasks\wow64.job	67b9f1191173ac067c5b021228a7aeb57084b06a77781c98de4377381afd97d3.exe

C:\Users\Admin\AppData\Local\Temp\67b9f1191173ac067c5b021228a7aeb57084b06a77781c98de4377381afd97d3.exe
"C:\Users\Admin\AppData\Local\Temp\67b9f1191173ac067c5b021228a7aeb57084b06a77781c98de4377381afd97d3.exe"
1⤵
- Drops file in Windows directory
PID:3380

C:\Users\Admin\AppData\Local\Temp\67b9f1191173ac067c5b021228a7aeb57084b06a77781c98de4377381afd97d3.exe
C:\Users\Admin\AppData\Local\Temp\67b9f1191173ac067c5b021228a7aeb57084b06a77781c98de4377381afd97d3.exe start
1⤵
PID:1324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1324-118-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/3380-116-0x00000000005C0000-0x00000000005C5000-memory.dmp

Filesize
20KB

Download
memory/3380-115-0x00000000005B0000-0x00000000005B6000-memory.dmp

Filesize
24KB

Download
memory/3380-117-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download