systembc | e9e0888b0f7fae7a4b512541b2ce7343d902c5fd8dc8db78b258dbdd2621ef97

Analysis

Target

e9e0888b0f7fae7a4b512541b2ce7343d902c5fd8dc8db78b258dbdd2621ef97.exe
Size

286KB
MD5

0177a53ada5ea46708a3d8a822320dfe
SHA1

56f4c9066da0ece27b6c6de53d1099aa91743e64
SHA256

e9e0888b0f7fae7a4b512541b2ce7343d902c5fd8dc8db78b258dbdd2621ef97
SHA512

25550e723629568351116cd36f1395c685f3a800ce60465af6c48f2a7c8e771208a138b9217756cfd51e03a0083e90e4876552ec773ba94e51507f5e8ae7fd1d

Score

10^/10

systembc trojan

Family

systembc

fre22.ddns.net:4199

192.53.123.202:4199

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

e9e0888b0f7fae7a4b512541b2ce7343d902c5fd8dc8db78b258dbdd2621ef97.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	e9e0888b0f7fae7a4b512541b2ce7343d902c5fd8dc8db78b258dbdd2621ef97.exe
File opened for modification	C:\Windows\Tasks\wow64.job	e9e0888b0f7fae7a4b512541b2ce7343d902c5fd8dc8db78b258dbdd2621ef97.exe

C:\Users\Admin\AppData\Local\Temp\e9e0888b0f7fae7a4b512541b2ce7343d902c5fd8dc8db78b258dbdd2621ef97.exe
"C:\Users\Admin\AppData\Local\Temp\e9e0888b0f7fae7a4b512541b2ce7343d902c5fd8dc8db78b258dbdd2621ef97.exe"
1⤵
- Drops file in Windows directory
PID:3064

C:\Users\Admin\AppData\Local\Temp\e9e0888b0f7fae7a4b512541b2ce7343d902c5fd8dc8db78b258dbdd2621ef97.exe
C:\Users\Admin\AppData\Local\Temp\e9e0888b0f7fae7a4b512541b2ce7343d902c5fd8dc8db78b258dbdd2621ef97.exe start
1⤵
PID:3848

memory/3064-119-0x0000000002C30000-0x0000000002D7A000-memory.dmp

Filesize
1.3MB

Download
memory/3064-120-0x0000000000400000-0x0000000002B40000-memory.dmp

Filesize
39.2MB

Download
memory/3848-121-0x0000000002CDC000-0x0000000002CEC000-memory.dmp

Filesize
64KB

Download
memory/3848-122-0x0000000002B90000-0x0000000002CDA000-memory.dmp

Filesize
1.3MB

Download
memory/3848-123-0x0000000000400000-0x0000000002B40000-memory.dmp

Filesize
39.2MB

Download