systembc | c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c

General

Target

c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c.exe
Size

233KB
MD5

5fa7abafc2ceb94b26f1e5c39af2cd20
SHA1

1d94718fb275269042cac5edec8f48eba305d253
SHA256

c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c
SHA512

f281b42ac49d3a20e65c96679ebf0d2ad93c4a8a8f12f62c8745276ca5a3a9114afad0117a61c7ba0d78f6c5e83127bcbbb07c671297e3509d52592a17b33a9b

Score

10^/10

systembc suricata trojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata
suricata: ET MALWARE Win32/SystemBC CnC Checkin
suricata: ET MALWARE Win32/SystemBC CnC Checkin
suricata
Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

iqqbtf.exebxhl.exernhuv.exe

pid process

2324 iqqbtf.exe
3948 bxhl.exe
3968 rnhuv.exe

pid	process
2324	iqqbtf.exe
3948	bxhl.exe
3968	rnhuv.exe

Drops file in Windows directory 5 IoCs

Processes:

c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c.exeiqqbtf.exebxhl.exe

description	ioc	process
File created	C:\Windows\Tasks\iqqbtf.job	c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c.exe
File opened for modification	C:\Windows\Tasks\iqqbtf.job	c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c.exe
File created	C:\Windows\Tasks\rbobamlawgjwujhuscf.job	iqqbtf.exe
File created	C:\Windows\Tasks\rnhuv.job	bxhl.exe
File opened for modification	C:\Windows\Tasks\rnhuv.job	bxhl.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c.exebxhl.exe

pid	process
3596	c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c.exe
3596	c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c.exe
3948	bxhl.exe
3948	bxhl.exe

C:\Users\Admin\AppData\Local\Temp\c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c.exe
"C:\Users\Admin\AppData\Local\Temp\c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:3596

C:\ProgramData\ssodh\iqqbtf.exe
C:\ProgramData\ssodh\iqqbtf.exe start
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2324

C:\Windows\TEMP\bxhl.exe
C:\Windows\TEMP\bxhl.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:3948

C:\ProgramData\glcs\rnhuv.exe
C:\ProgramData\glcs\rnhuv.exe start
1⤵
- Executes dropped EXE
PID:3968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\glcs\rnhuv.exe
MD5
5fa7abafc2ceb94b26f1e5c39af2cd20

SHA1
1d94718fb275269042cac5edec8f48eba305d253

SHA256
c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c

SHA512
f281b42ac49d3a20e65c96679ebf0d2ad93c4a8a8f12f62c8745276ca5a3a9114afad0117a61c7ba0d78f6c5e83127bcbbb07c671297e3509d52592a17b33a9b

Download Submit
C:\ProgramData\glcs\rnhuv.exe
MD5
5fa7abafc2ceb94b26f1e5c39af2cd20

SHA1
1d94718fb275269042cac5edec8f48eba305d253

SHA256
c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c

SHA512
f281b42ac49d3a20e65c96679ebf0d2ad93c4a8a8f12f62c8745276ca5a3a9114afad0117a61c7ba0d78f6c5e83127bcbbb07c671297e3509d52592a17b33a9b

Download Submit
C:\ProgramData\ssodh\iqqbtf.exe
MD5
5fa7abafc2ceb94b26f1e5c39af2cd20

SHA1
1d94718fb275269042cac5edec8f48eba305d253

SHA256
c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c

SHA512
f281b42ac49d3a20e65c96679ebf0d2ad93c4a8a8f12f62c8745276ca5a3a9114afad0117a61c7ba0d78f6c5e83127bcbbb07c671297e3509d52592a17b33a9b

Download Submit
C:\ProgramData\ssodh\iqqbtf.exe
MD5
5fa7abafc2ceb94b26f1e5c39af2cd20

SHA1
1d94718fb275269042cac5edec8f48eba305d253

SHA256
c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c

SHA512
f281b42ac49d3a20e65c96679ebf0d2ad93c4a8a8f12f62c8745276ca5a3a9114afad0117a61c7ba0d78f6c5e83127bcbbb07c671297e3509d52592a17b33a9b

Download Submit
C:\Windows\TEMP\bxhl.exe
MD5
5fa7abafc2ceb94b26f1e5c39af2cd20

SHA1
1d94718fb275269042cac5edec8f48eba305d253

SHA256
c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c

SHA512
f281b42ac49d3a20e65c96679ebf0d2ad93c4a8a8f12f62c8745276ca5a3a9114afad0117a61c7ba0d78f6c5e83127bcbbb07c671297e3509d52592a17b33a9b

Download Submit
C:\Windows\Tasks\iqqbtf.job
MD5
e42cf2311fbc547d9cbd6761c39c811b

SHA1
4878db862c251c6745eb39c6b5dc6279af7d97b1

SHA256
82ac28ca40b879112f42978d6f63e4e0c9127166f23a8f4b5ba16b3167062a77

SHA512
42235d1b2784d57966766d0bb35292d11071313fa4959a7109dc060e5ee70790f2b2f1dc714f88ba8be21c5fba7694f53258d66e615d20e4d3ce32e025e3e667

Download Submit
C:\Windows\Temp\bxhl.exe
MD5
5fa7abafc2ceb94b26f1e5c39af2cd20

SHA1
1d94718fb275269042cac5edec8f48eba305d253

SHA256
c7d33553a845211c891f4ca4699913c57ad86cdc4e579b1f40a5bbb22a78125c

SHA512
f281b42ac49d3a20e65c96679ebf0d2ad93c4a8a8f12f62c8745276ca5a3a9114afad0117a61c7ba0d78f6c5e83127bcbbb07c671297e3509d52592a17b33a9b

Download Submit
memory/2324-123-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/2324-122-0x00000000004D0000-0x000000000061A000-memory.dmp

Filesize
1.3MB

Download
memory/2324-121-0x00000000004D0000-0x000000000061A000-memory.dmp

Filesize
1.3MB

Download
memory/3596-115-0x0000000000470000-0x00000000005BA000-memory.dmp

Filesize
1.3MB

Download
memory/3596-117-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/3596-116-0x00000000001E0000-0x00000000001E9000-memory.dmp

Filesize
36KB

Download
memory/3948-128-0x00000000005A0000-0x00000000006EA000-memory.dmp

Filesize
1.3MB

Download
memory/3948-129-0x00000000005A0000-0x00000000006EA000-memory.dmp

Filesize
1.3MB

Download
memory/3948-130-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/3968-133-0x0000000000767000-0x0000000000770000-memory.dmp

Filesize
36KB

Download
memory/3968-134-0x0000000000767000-0x0000000000770000-memory.dmp

Filesize
36KB

Download
memory/3968-135-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download

Analysis

Sharing