systembc | 74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0 | Triage

Analysis

max time kernel
75s
max time network
141s
platform
windows10_x64
resource
win10-en-20211014
submitted
12-11-2021 21:40

Sharing

Report Analysis Logs

General

Target

74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0.exe
Size

156KB
MD5

1d2d5950861d191f0cf126bf80e1857e
SHA1

d7161ac371c18a87023ce37036bcd25d09d7baa4
SHA256

74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0
SHA512

d189722b83816fcf20bea216e9da1832d44fffe52d5d7c06564f1505d8ccfc15f1cbe106260a14f4a8858eeba047d519a3e46d6e87cef3ffe630c2d1cb42cc63

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

91.212.150.113:4199

192.53.123.202:4199

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0.exe
File opened for modification	C:\Windows\Tasks\wow64.job	74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0.exe

C:\Users\Admin\AppData\Local\Temp\74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0.exe
"C:\Users\Admin\AppData\Local\Temp\74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0.exe"
1⤵
- Drops file in Windows directory
PID:2720

C:\Users\Admin\AppData\Local\Temp\74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0.exe
C:\Users\Admin\AppData\Local\Temp\74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0.exe start
1⤵
PID:3992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2720-116-0x00000000005D0000-0x00000000005D5000-memory.dmp

Filesize
20KB

Download
memory/2720-115-0x00000000005C0000-0x00000000005C6000-memory.dmp

Filesize
24KB

Download
memory/2720-117-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3992-118-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download