systembc | b71125d68cb5767d540d8fdb699ace9c762d59bf7c17f6256fa8b7e631854a80

Analysis

Target

b71125d68cb5767d540d8fdb699ace9c762d59bf7c17f6256fa8b7e631854a80.exe
Size

285KB
MD5

8ee8c094002b3243baf716efbec93104
SHA1

d0c9a79c9f845cf038c8a8792b60ce87239d1ac6
SHA256

b71125d68cb5767d540d8fdb699ace9c762d59bf7c17f6256fa8b7e631854a80
SHA512

330a937893c9fc4bd852f142d7909ffd4c1e1c0851a1b403c8a5f47331792ec77aa4b65a52ec4b10ac3fd5c5e57b2497491ec188f07475f2fae271d878bc2499

Score

10^/10

systembc trojan

Family

systembc

fre22.ddns.net:4199

192.53.123.202:4199

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

b71125d68cb5767d540d8fdb699ace9c762d59bf7c17f6256fa8b7e631854a80.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	b71125d68cb5767d540d8fdb699ace9c762d59bf7c17f6256fa8b7e631854a80.exe
File opened for modification	C:\Windows\Tasks\wow64.job	b71125d68cb5767d540d8fdb699ace9c762d59bf7c17f6256fa8b7e631854a80.exe

C:\Users\Admin\AppData\Local\Temp\b71125d68cb5767d540d8fdb699ace9c762d59bf7c17f6256fa8b7e631854a80.exe
"C:\Users\Admin\AppData\Local\Temp\b71125d68cb5767d540d8fdb699ace9c762d59bf7c17f6256fa8b7e631854a80.exe"
1⤵
- Drops file in Windows directory
PID:2612

C:\Users\Admin\AppData\Local\Temp\b71125d68cb5767d540d8fdb699ace9c762d59bf7c17f6256fa8b7e631854a80.exe
C:\Users\Admin\AppData\Local\Temp\b71125d68cb5767d540d8fdb699ace9c762d59bf7c17f6256fa8b7e631854a80.exe start
1⤵
PID:2756

memory/2612-120-0x0000000000400000-0x0000000002B40000-memory.dmp

Filesize
39.2MB

Download
memory/2612-119-0x0000000002C20000-0x0000000002C25000-memory.dmp

Filesize
20KB

Download
memory/2756-121-0x0000000002E4C000-0x0000000002E5C000-memory.dmp

Filesize
64KB

Download
memory/2756-122-0x0000000002B40000-0x0000000002C8A000-memory.dmp

Filesize
1.3MB

Download
memory/2756-123-0x0000000000400000-0x0000000002B40000-memory.dmp

Filesize
39.2MB

Download