systembc | c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5

Analysis

Target

module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
Size

1.4MB
MD5

ae3f6af06a02781e995650761b3a82c6
SHA1

ded2009c9a5645c7582b4d1e9bc2e7133689a774
SHA256

c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5
SHA512

31c1009b7b658645b3371c8a7ee6e6953a50b42e529ee69365742b0f7deea1fcc90adf90e6b1522fff998a232a6abef8139003698da0b15856923ad202e4602f

Score

10^/10

systembc trojan

Family

systembc

96.30.196.207:4177

45.32.132.182:4177

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe

description	ioc	Process
File opened for modification	C:\Windows\Tasks\wow64.job	module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
File created	C:\Windows\Tasks\wow64.job	module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe

C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
"C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe"
1⤵
- Drops file in Windows directory
PID:2648

C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe start
1⤵
PID:2816

memory/2648-130-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/2648-131-0x0000000002450000-0x0000000002455000-memory.dmp

Filesize
20KB

Download
memory/2648-132-0x0000000000400000-0x0000000000568000-memory.dmp

Filesize
1.4MB

Download
memory/2816-133-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2816-134-0x0000000000400000-0x0000000000568000-memory.dmp

Filesize
1.4MB

Download