Overview

overview

10

Static

static

b04dd6fc6f...1a.exe

windows7_x64

10

b04dd6fc6f...1a.exe

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    11-12-2021 15:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b04dd6fc6f62caa7d7e1ac7dadd2f31a.exe

  • Size

    320KB

  • MD5

    b04dd6fc6f62caa7d7e1ac7dadd2f31a

  • SHA1

    e4e0bf5cf41f280c2feca64262a2b254a2abf123

  • SHA256

    fe6101b889a34ee4d74ba49b275954f242b344d2e0c4f0c0d8a1a44e1429b79b

  • SHA512

    a0c9cd205b1533311e60b77ffdd3465c42df54d4aaa1f0aa7821049ab9ed5a950336584527ecf813622e1659eb82e2446a30de89c5f964c672e1d9f1bed07ea1

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

185.209.30.180:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b04dd6fc6f62caa7d7e1ac7dadd2f31a.exe
    "C:\Users\Admin\AppData\Local\Temp\b04dd6fc6f62caa7d7e1ac7dadd2f31a.exe"
    1⤵
    • Drops file in Windows directory
    PID:2828
  • C:\Users\Admin\AppData\Local\Temp\b04dd6fc6f62caa7d7e1ac7dadd2f31a.exe
    C:\Users\Admin\AppData\Local\Temp\b04dd6fc6f62caa7d7e1ac7dadd2f31a.exe start
    1⤵
      PID:2916

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2828-116-0x00000000006E1000-0x00000000006F2000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2828-117-0x0000000000030000-0x0000000000035000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2828-118-0x0000000000400000-0x00000000004D1000-memory.dmp

      Filesize

      836KB

      Download

    • memory/2916-120-0x0000000000400000-0x00000000004D1000-memory.dmp

      Filesize

      836KB

      Download