systembc | 14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a

Analysis

Target

f6eb486b8ef657da1cec85e80c21ebc5.exe
Size

284KB
MD5

f6eb486b8ef657da1cec85e80c21ebc5
SHA1

33275724b0e901d2ef6d2c85fe6ce5758af5ec92
SHA256

14534c3b56b149213f2ba77b1e8b6d883b3eb5b83fe38ead1944a3f38c711e3a
SHA512

738147d5d3179faf4b0e9c8a9ed07b3327db6a9ab5623a0075bf7671868124dd78e7baf061f7947a3f03fb22fbf795c21b6eb82dbe974eb7f4524f635c321dc7

Score

10^/10

systembc trojan

Family

systembc

fre22.ddns.net:4199

192.53.123.202:4199

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

f6eb486b8ef657da1cec85e80c21ebc5.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	f6eb486b8ef657da1cec85e80c21ebc5.exe
File opened for modification	C:\Windows\Tasks\wow64.job	f6eb486b8ef657da1cec85e80c21ebc5.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1368 wrote to memory of 832	1368	taskeng.exe	f6eb486b8ef657da1cec85e80c21ebc5.exe
PID 1368 wrote to memory of 832	1368	taskeng.exe	f6eb486b8ef657da1cec85e80c21ebc5.exe
PID 1368 wrote to memory of 832	1368	taskeng.exe	f6eb486b8ef657da1cec85e80c21ebc5.exe
PID 1368 wrote to memory of 832	1368	taskeng.exe	f6eb486b8ef657da1cec85e80c21ebc5.exe

C:\Users\Admin\AppData\Local\Temp\f6eb486b8ef657da1cec85e80c21ebc5.exe
"C:\Users\Admin\AppData\Local\Temp\f6eb486b8ef657da1cec85e80c21ebc5.exe"
1⤵
- Drops file in Windows directory
PID:1872

C:\Windows\system32\taskeng.exe
taskeng.exe {B105ACCF-DA37-475B-AE4C-77B76548FB71} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Users\Admin\AppData\Local\Temp\f6eb486b8ef657da1cec85e80c21ebc5.exe
  C:\Users\Admin\AppData\Local\Temp\f6eb486b8ef657da1cec85e80c21ebc5.exe start
  2⤵
  PID:832

memory/832-59-0x0000000000000000-mapping.dmp

Download
memory/832-60-0x00000000002AB000-0x00000000002BB000-memory.dmp

Filesize
64KB

Download
memory/832-62-0x0000000000400000-0x0000000002B3F000-memory.dmp

Filesize
39.2MB

Download
memory/1872-55-0x0000000002C1B000-0x0000000002C2B000-memory.dmp

Filesize
64KB

Download
memory/1872-56-0x0000000076081000-0x0000000076083000-memory.dmp

Filesize
8KB

Download
memory/1872-57-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download
memory/1872-58-0x0000000000400000-0x0000000002B3F000-memory.dmp

Filesize
39.2MB

Download