systembc | 1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84

General

Target

1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84.exe
Size

149KB
MD5

23e0db71f3d2182bb78ed5aaed6dbe31
SHA1

bdd3f63038f0c5cb80812289694da6e1d81b74ed
SHA256

1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84
SHA512

03964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3

Score

10^/10

systembc suricata trojan

Malware Config

Extracted

Family

systembc

C2

45.156.26.59:4179

217.182.46.152:4179

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata
Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

qaobign.exeqaobign.exe

pid process

680 qaobign.exe
1156 qaobign.exe

pid	process
680	qaobign.exe
1156	qaobign.exe

Drops file in Windows directory 5 IoCs

Processes:

qaobign.exe1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84.exe1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84.exe

description	ioc	process
File opened for modification	C:\Windows\Tasks\wow64.job	qaobign.exe
File created	C:\Windows\Tasks\wow64.job	1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84.exe
File opened for modification	C:\Windows\Tasks\wow64.job	1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84.exe
File created	C:\Windows\Tasks\vmcsulnqikjbqiafogw.job	1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84.exe
File created	C:\Windows\Tasks\wow64.job	qaobign.exe

C:\Users\Admin\AppData\Local\Temp\1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84.exe
"C:\Users\Admin\AppData\Local\Temp\1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84.exe"
1⤵
- Drops file in Windows directory
PID:3140

C:\Users\Admin\AppData\Local\Temp\1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84.exe
C:\Users\Admin\AppData\Local\Temp\1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84.exe start
1⤵
- Drops file in Windows directory
PID:692

C:\Windows\TEMP\qaobign.exe
C:\Windows\TEMP\qaobign.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:680

C:\Windows\TEMP\qaobign.exe
C:\Windows\TEMP\qaobign.exe start
1⤵
- Executes dropped EXE
PID:1156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\TEMP\qaobign.exe

MD5
23e0db71f3d2182bb78ed5aaed6dbe31

SHA1
bdd3f63038f0c5cb80812289694da6e1d81b74ed

SHA256
1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84

SHA512
03964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3

Download Submit
C:\Windows\Tasks\wow64.job

MD5
4318e03ecb3d1e948e9f5aee119ef673

SHA1
d90700f32be763e4fad3e1bd18da8ef227bbac89

SHA256
5325e8af5a48390b1b4ea003519fcaa8da928b830b715e2efa308dafe735c3cf

SHA512
5b8092e7a03da2460a7cbba965ece644222d02f3c69cad95c276232fc4b92f5bd6d19970f5c199ba564c22d9c6be89061c2ee01830375bc0485085d2a82b38a3

Download Submit
C:\Windows\Temp\qaobign.exe

MD5
23e0db71f3d2182bb78ed5aaed6dbe31

SHA1
bdd3f63038f0c5cb80812289694da6e1d81b74ed

SHA256
1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84

SHA512
03964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3

Download Submit
C:\Windows\Temp\qaobign.exe

MD5
23e0db71f3d2182bb78ed5aaed6dbe31

SHA1
bdd3f63038f0c5cb80812289694da6e1d81b74ed

SHA256
1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84

SHA512
03964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3

Download Submit
memory/680-124-0x0000000000430000-0x000000000057A000-memory.dmp

Filesize
1.3MB

Download
memory/680-123-0x0000000000430000-0x000000000057A000-memory.dmp

Filesize
1.3MB

Download
memory/680-125-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/692-118-0x0000000000580000-0x0000000000586000-memory.dmp

Filesize
24KB

Download
memory/692-119-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1156-127-0x0000000000430000-0x00000000004DE000-memory.dmp

Filesize
696KB

Download
memory/1156-128-0x0000000000430000-0x00000000004DE000-memory.dmp

Filesize
696KB

Download
memory/1156-129-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3140-117-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3140-116-0x0000000002150000-0x0000000002155000-memory.dmp

Filesize
20KB

Download
memory/3140-115-0x0000000000520000-0x000000000066A000-memory.dmp

Filesize
1.3MB

Download

Analysis

Sharing