systembc | 74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0 | Triage

Resubmissions

18-11-2021 19:27

211118-x6fhhaach8 10

14-11-2021 07:31

211114-jcdj6agaf5 10

Analysis

max time kernel
146s
max time network
152s
platform
windows10_x64
resource
win10-en-20211014
submitted
18-11-2021 19:27

Sharing

Report Analysis Logs

General

Target

1d2d5950861d191f0cf126bf80e1857e.exe
Size

156KB
MD5

1d2d5950861d191f0cf126bf80e1857e
SHA1

d7161ac371c18a87023ce37036bcd25d09d7baa4
SHA256

74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0
SHA512

d189722b83816fcf20bea216e9da1832d44fffe52d5d7c06564f1505d8ccfc15f1cbe106260a14f4a8858eeba047d519a3e46d6e87cef3ffe630c2d1cb42cc63

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

91.212.150.113:4199

192.53.123.202:4199

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

1d2d5950861d191f0cf126bf80e1857e.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	1d2d5950861d191f0cf126bf80e1857e.exe
File opened for modification	C:\Windows\Tasks\wow64.job	1d2d5950861d191f0cf126bf80e1857e.exe

C:\Users\Admin\AppData\Local\Temp\1d2d5950861d191f0cf126bf80e1857e.exe
"C:\Users\Admin\AppData\Local\Temp\1d2d5950861d191f0cf126bf80e1857e.exe"
1⤵
- Drops file in Windows directory
PID:3172

C:\Users\Admin\AppData\Local\Temp\1d2d5950861d191f0cf126bf80e1857e.exe
C:\Users\Admin\AppData\Local\Temp\1d2d5950861d191f0cf126bf80e1857e.exe start
1⤵
PID:640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/640-118-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3172-116-0x0000000000490000-0x0000000000495000-memory.dmp

Filesize
20KB

Download
memory/3172-115-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/3172-117-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download