systembc | 240ee6db893981a6dd47ffc0932dcf343d09517e8aebc07dc712e6745ee59a27 | Triage

Analysis

max time kernel
110s
max time network
144s
platform
windows10_x64
resource
win10-en-20211104
submitted
25-11-2021 07:46

Sharing

Report Analysis Logs

General

Target

240ee6db893981a6dd47ffc0932dcf343d09517e8aebc07dc712e6745ee59a27.exe
Size

296KB
MD5

aecd79e61e087039809b61fe69802c21
SHA1

3dd2487251cb032074b1e0ab9d2f51dc1441de93
SHA256

240ee6db893981a6dd47ffc0932dcf343d09517e8aebc07dc712e6745ee59a27
SHA512

d60b096f79063b28220f64222157c8639561d56565c955921824e43c6df086ae3886acec7ca70d290e331032009269e389cd8ad710d389e105fe3f02dce4ca92

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

178.20.41.173:4001

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

240ee6db893981a6dd47ffc0932dcf343d09517e8aebc07dc712e6745ee59a27.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	240ee6db893981a6dd47ffc0932dcf343d09517e8aebc07dc712e6745ee59a27.exe
File opened for modification	C:\Windows\Tasks\wow64.job	240ee6db893981a6dd47ffc0932dcf343d09517e8aebc07dc712e6745ee59a27.exe

C:\Users\Admin\AppData\Local\Temp\240ee6db893981a6dd47ffc0932dcf343d09517e8aebc07dc712e6745ee59a27.exe
"C:\Users\Admin\AppData\Local\Temp\240ee6db893981a6dd47ffc0932dcf343d09517e8aebc07dc712e6745ee59a27.exe"
1⤵
- Drops file in Windows directory
PID:3476

C:\Users\Admin\AppData\Local\Temp\240ee6db893981a6dd47ffc0932dcf343d09517e8aebc07dc712e6745ee59a27.exe
C:\Users\Admin\AppData\Local\Temp\240ee6db893981a6dd47ffc0932dcf343d09517e8aebc07dc712e6745ee59a27.exe start
1⤵
PID:4336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3476-119-0x0000000001D20000-0x0000000001D25000-memory.dmp

Filesize
20KB

Download
memory/3476-120-0x0000000000400000-0x0000000001C00000-memory.dmp

Filesize
24.0MB

Download
memory/4336-121-0x0000000001F8E000-0x0000000001F9E000-memory.dmp

Filesize
64KB

Download
memory/4336-122-0x0000000000400000-0x0000000001C00000-memory.dmp

Filesize
24.0MB

Download