systembc | ab2aa9e4baf569c082a2dc8bbea43230e1e3fefd2847a158785741ea87e3396f | Triage

Analysis

max time kernel
124s
max time network
148s
platform
windows10_x64
resource
win10-en-20211104
submitted
11-11-2021 19:54

Sharing

Report Analysis Logs

General

Target

ab2aa9e4baf569c082a2dc8bbea43230e1e3fefd2847a158785741ea87e3396f.exe
Size

333KB
MD5

a7a159e74441b1baec4d9c6f44f173ca
SHA1

cba5bb509afeeaa41bfe731731890a07a9a3d197
SHA256

ab2aa9e4baf569c082a2dc8bbea43230e1e3fefd2847a158785741ea87e3396f
SHA512

47f801707384fc0bb501593926c9b5dde623d2f34a2306567585d3baf56a82f4a479ce9184c9edb39081cec157879cde086176210e727cf10fb8f386e5f32e56

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

91.212.150.113:4199

192.53.123.202:4199

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

ab2aa9e4baf569c082a2dc8bbea43230e1e3fefd2847a158785741ea87e3396f.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	ab2aa9e4baf569c082a2dc8bbea43230e1e3fefd2847a158785741ea87e3396f.exe
File opened for modification	C:\Windows\Tasks\wow64.job	ab2aa9e4baf569c082a2dc8bbea43230e1e3fefd2847a158785741ea87e3396f.exe

C:\Users\Admin\AppData\Local\Temp\ab2aa9e4baf569c082a2dc8bbea43230e1e3fefd2847a158785741ea87e3396f.exe
"C:\Users\Admin\AppData\Local\Temp\ab2aa9e4baf569c082a2dc8bbea43230e1e3fefd2847a158785741ea87e3396f.exe"
1⤵
- Drops file in Windows directory
PID:4008

C:\Users\Admin\AppData\Local\Temp\ab2aa9e4baf569c082a2dc8bbea43230e1e3fefd2847a158785741ea87e3396f.exe
C:\Users\Admin\AppData\Local\Temp\ab2aa9e4baf569c082a2dc8bbea43230e1e3fefd2847a158785741ea87e3396f.exe start
1⤵
PID:4224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4008-120-0x0000000000400000-0x0000000002B4B000-memory.dmp

Filesize
39.3MB

Download
memory/4008-119-0x00000000001E0000-0x00000000001E5000-memory.dmp

Filesize
20KB

Download
memory/4224-121-0x0000000002F2C000-0x0000000002F3C000-memory.dmp

Filesize
64KB

Download
memory/4224-122-0x0000000000400000-0x0000000002B4B000-memory.dmp

Filesize
39.3MB

Download