systembc | 1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84

General

Target

soc.exe
Size

149KB
MD5

23e0db71f3d2182bb78ed5aaed6dbe31
SHA1

bdd3f63038f0c5cb80812289694da6e1d81b74ed
SHA256

1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84
SHA512

03964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3

Score

10^/10

systembc suricata trojan

Malware Config

Extracted

Family

systembc

C2

45.156.26.59:4179

217.182.46.152:4179

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata
Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

vrhmnjk.exevrhmnjk.exe

pid process

3308 vrhmnjk.exe
2652 vrhmnjk.exe

pid	process
3308	vrhmnjk.exe
2652	vrhmnjk.exe

Drops file in Windows directory 5 IoCs

Processes:

soc.exesoc.exevrhmnjk.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	soc.exe
File opened for modification	C:\Windows\Tasks\wow64.job	soc.exe
File created	C:\Windows\Tasks\edxpanwimadhlpnqeig.job	soc.exe
File created	C:\Windows\Tasks\wow64.job	vrhmnjk.exe
File opened for modification	C:\Windows\Tasks\wow64.job	vrhmnjk.exe

C:\Users\Admin\AppData\Local\Temp\soc.exe
"C:\Users\Admin\AppData\Local\Temp\soc.exe"
1⤵
- Drops file in Windows directory
PID:2700

C:\Users\Admin\AppData\Local\Temp\soc.exe
C:\Users\Admin\AppData\Local\Temp\soc.exe start
1⤵
- Drops file in Windows directory
PID:4068

C:\Windows\TEMP\vrhmnjk.exe
C:\Windows\TEMP\vrhmnjk.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3308

C:\Windows\TEMP\vrhmnjk.exe
C:\Windows\TEMP\vrhmnjk.exe start
1⤵
- Executes dropped EXE
PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\TEMP\vrhmnjk.exe

MD5
23e0db71f3d2182bb78ed5aaed6dbe31

SHA1
bdd3f63038f0c5cb80812289694da6e1d81b74ed

SHA256
1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84

SHA512
03964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3

Download Submit
C:\Windows\Tasks\wow64.job

MD5
4041ff2e1f0cf83ecdd32c31e69d5ce5

SHA1
c4edbef864f6c6ff8469ca0b3ddaf92df9894f96

SHA256
284ab8d1fbb2a02ea71d406511d55da654ade9a415413eaca8025d3192199df2

SHA512
c6b764221b9c44f4cbae60e1a12ed1eee93ebad858ccf88095a76102b0ecfeead8e2c48a4befaed7e1aae7edb41bfc7dca137652db403fd0d9c021c8a9d434d8

Download Submit
C:\Windows\Temp\vrhmnjk.exe

MD5
23e0db71f3d2182bb78ed5aaed6dbe31

SHA1
bdd3f63038f0c5cb80812289694da6e1d81b74ed

SHA256
1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84

SHA512
03964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3

Download Submit
C:\Windows\Temp\vrhmnjk.exe

MD5
23e0db71f3d2182bb78ed5aaed6dbe31

SHA1
bdd3f63038f0c5cb80812289694da6e1d81b74ed

SHA256
1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84

SHA512
03964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3

Download Submit
memory/2652-130-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2652-128-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2652-129-0x00000000004A0000-0x000000000054E000-memory.dmp

Filesize
696KB

Download
memory/2700-115-0x0000000000560000-0x00000000006AA000-memory.dmp

Filesize
1.3MB

Download
memory/2700-116-0x0000000000560000-0x00000000006AA000-memory.dmp

Filesize
1.3MB

Download
memory/2700-117-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3308-127-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3308-126-0x0000000000B90000-0x0000000000B95000-memory.dmp

Filesize
20KB

Download
memory/3308-125-0x0000000000520000-0x000000000066A000-memory.dmp

Filesize
1.3MB

Download
memory/4068-120-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4068-118-0x0000000000430000-0x000000000057A000-memory.dmp

Filesize
1.3MB

Download
memory/4068-119-0x0000000000430000-0x000000000057A000-memory.dmp

Filesize
1.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads