systembc | 13d745875c936f4e1a14f8a9ea0e47307e108a85de099863300c33683cf434d5 | Triage

Analysis

max time kernel
147s
max time network
152s
platform
windows10_x64
resource
win10-en-20211014
submitted
09-11-2021 15:33

Sharing

Report Analysis Logs

General

Target

13d745875c936f4e1a14f8a9ea0e47307e108a85de099863300c33683cf434d5.exe
Size

288KB
MD5

b0f7bd15a71edc950651331efff96b50
SHA1

8c7c5d56bc38d96fc98e58d00891c00047d49634
SHA256

13d745875c936f4e1a14f8a9ea0e47307e108a85de099863300c33683cf434d5
SHA512

6de6089e01dcfac94627027ad86fab326656f7533c5d9a110de3d23500b4b0a7c61e7e58f6d22afa42bd99b3e17cfbd1c04ec5fb8ddebd0a35321399ca26f05c

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

91.209.70.71:4199

192.53.123.202:4199

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

13d745875c936f4e1a14f8a9ea0e47307e108a85de099863300c33683cf434d5.exe

description	ioc	process
File opened for modification	C:\Windows\Tasks\wow64.job	13d745875c936f4e1a14f8a9ea0e47307e108a85de099863300c33683cf434d5.exe
File created	C:\Windows\Tasks\wow64.job	13d745875c936f4e1a14f8a9ea0e47307e108a85de099863300c33683cf434d5.exe

C:\Users\Admin\AppData\Local\Temp\13d745875c936f4e1a14f8a9ea0e47307e108a85de099863300c33683cf434d5.exe
"C:\Users\Admin\AppData\Local\Temp\13d745875c936f4e1a14f8a9ea0e47307e108a85de099863300c33683cf434d5.exe"
1⤵
- Drops file in Windows directory
PID:3428

C:\Users\Admin\AppData\Local\Temp\13d745875c936f4e1a14f8a9ea0e47307e108a85de099863300c33683cf434d5.exe
C:\Users\Admin\AppData\Local\Temp\13d745875c936f4e1a14f8a9ea0e47307e108a85de099863300c33683cf434d5.exe start
1⤵
PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1548-118-0x0000000002E5D000-0x0000000002E6D000-memory.dmp

Filesize
64KB

Download
memory/1548-119-0x0000000000400000-0x0000000002B3F000-memory.dmp

Filesize
39.2MB

Download
memory/3428-116-0x0000000002CD0000-0x0000000002CD5000-memory.dmp

Filesize
20KB

Download
memory/3428-117-0x0000000000400000-0x0000000002B3F000-memory.dmp

Filesize
39.2MB

Download