systembc | 53ca800262b15721bf8451e7999c935e65d4eb058126e3c1d4eb9942c9c60858 | Triage

Analysis

max time kernel
159s
max time network
175s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 20:51

Sharing

Report Analysis Logs

General

Target

b6b48f39779a00c8b8a6fe8ed9db1609.exe
Size

284KB
MD5

b6b48f39779a00c8b8a6fe8ed9db1609
SHA1

3ce9a028d2596d2d827d2a0e3d407a1e6ae83f81
SHA256

53ca800262b15721bf8451e7999c935e65d4eb058126e3c1d4eb9942c9c60858
SHA512

66ac08eefe461db61df8c817a593ebe5f4413d8fb35bdc1ecb6384930de8b1d5977b20c7ff77c5f3c1816687c8df0df1bf0d869367d3edd8f18b8c97a7880259

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

5.39.221.47:4001

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

b6b48f39779a00c8b8a6fe8ed9db1609.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	b6b48f39779a00c8b8a6fe8ed9db1609.exe
File opened for modification	C:\Windows\Tasks\wow64.job	b6b48f39779a00c8b8a6fe8ed9db1609.exe

C:\Users\Admin\AppData\Local\Temp\b6b48f39779a00c8b8a6fe8ed9db1609.exe
"C:\Users\Admin\AppData\Local\Temp\b6b48f39779a00c8b8a6fe8ed9db1609.exe"
1⤵
- Drops file in Windows directory
PID:3716

C:\Users\Admin\AppData\Local\Temp\b6b48f39779a00c8b8a6fe8ed9db1609.exe
C:\Users\Admin\AppData\Local\Temp\b6b48f39779a00c8b8a6fe8ed9db1609.exe start
1⤵
PID:4184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3716-115-0x0000000000030000-0x0000000000036000-memory.dmp

Filesize
24KB

Download
memory/3716-116-0x00000000001C0000-0x00000000001C5000-memory.dmp

Filesize
20KB

Download
memory/3716-117-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4184-118-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download