systembc | 14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a | Triage

Analysis

max time kernel
117s
max time network
147s
platform
windows10_x64
resource
win10-en-20211014
submitted
09-11-2021 22:23

Sharing

Report Analysis Logs

General

Target

14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a.exe
Size

284KB
MD5

f6eb486b8ef657da1cec85e80c21ebc5
SHA1

33275724b0e901d2ef6d2c85fe6ce5758af5ec92
SHA256

14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a
SHA512

738147d5d3179faf4b0e9c8a9ed07b3327db6a9ab5623a0075bf7671868124dd78e7baf061f7947a3f03fb22fbf795c21b6eb82dbe974eb7f4524f635c321dc7

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

fre22.ddns.net:4199

192.53.123.202:4199

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a.exe
File opened for modification	C:\Windows\Tasks\wow64.job	14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a.exe

C:\Users\Admin\AppData\Local\Temp\14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a.exe
"C:\Users\Admin\AppData\Local\Temp\14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a.exe"
1⤵
- Drops file in Windows directory
PID:1980

C:\Users\Admin\AppData\Local\Temp\14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a.exe
C:\Users\Admin\AppData\Local\Temp\14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a.exe start
1⤵
PID:3512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1980-117-0x0000000000400000-0x0000000002B3F000-memory.dmp

Filesize
39.2MB

Download
memory/1980-116-0x0000000002B40000-0x0000000002BEE000-memory.dmp

Filesize
696KB

Download
memory/3512-119-0x0000000002B40000-0x0000000002BEE000-memory.dmp

Filesize
696KB

Download
memory/3512-120-0x0000000000400000-0x0000000002B3F000-memory.dmp

Filesize
39.2MB

Download