Overview

overview

10

Static

static

8

bac4b948f4...25.exe

windows7_x64

10

bac4b948f4...25.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    193s
  • max time network
    206s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    19-03-2022 18:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bac4b948f4a8cb9c61c6167c7aa814affe670e527190aacf4f31eace55236d25.exe

  • Size

    243KB

  • MD5

    15f32b4f39a69e327b285b6cd2dd2cb9

  • SHA1

    49ca0b152b2001febfe89d4ff2bea2f989a9a819

  • SHA256

    bac4b948f4a8cb9c61c6167c7aa814affe670e527190aacf4f31eace55236d25

  • SHA512

    301893a9827946bd478255cc9cbc054c21a422e76bad3f0ded321d264ff14947e1736dd66cedc236a9d82afcd0c2f0c40f5a91d57266ee49acdc6acd14767f84

Score
10/10
systembctrojanupx

Malware Config

Extracted

Family

systembc

C2

dec15coma.com:4039

dec15coma.xyz:4039

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bac4b948f4a8cb9c61c6167c7aa814affe670e527190aacf4f31eace55236d25.exe
    "C:\Users\Admin\AppData\Local\Temp\bac4b948f4a8cb9c61c6167c7aa814affe670e527190aacf4f31eace55236d25.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1224
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 972
      2⤵
      • Program crash
      PID:396
  • C:\ProgramData\xgku\bmab.exe
    C:\ProgramData\xgku\bmab.exe start
    1⤵
    • Executes dropped EXE
    PID:4744
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1224 -ip 1224
    1⤵
      PID:376

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\xgku\bmab.exe
      MD5

      15f32b4f39a69e327b285b6cd2dd2cb9

      SHA1

      49ca0b152b2001febfe89d4ff2bea2f989a9a819

      SHA256

      bac4b948f4a8cb9c61c6167c7aa814affe670e527190aacf4f31eace55236d25

      SHA512

      301893a9827946bd478255cc9cbc054c21a422e76bad3f0ded321d264ff14947e1736dd66cedc236a9d82afcd0c2f0c40f5a91d57266ee49acdc6acd14767f84

      Download Submit
    • C:\ProgramData\xgku\bmab.exe
      MD5

      15f32b4f39a69e327b285b6cd2dd2cb9

      SHA1

      49ca0b152b2001febfe89d4ff2bea2f989a9a819

      SHA256

      bac4b948f4a8cb9c61c6167c7aa814affe670e527190aacf4f31eace55236d25

      SHA512

      301893a9827946bd478255cc9cbc054c21a422e76bad3f0ded321d264ff14947e1736dd66cedc236a9d82afcd0c2f0c40f5a91d57266ee49acdc6acd14767f84

      Download Submit
    • memory/1224-130-0x0000000005382000-0x0000000005389000-memory.dmp
      Filesize

      28KB

      Download
    • memory/1224-131-0x0000000005382000-0x0000000005389000-memory.dmp
      Filesize

      28KB

      Download
    • memory/1224-132-0x00000000001C0000-0x00000000001C9000-memory.dmp
      Filesize

      36KB

      Download
    • memory/1224-133-0x0000000000400000-0x000000000516B000-memory.dmp
      Filesize

      77.4MB

      Download
    • memory/4744-136-0x00000000054FD000-0x0000000005504000-memory.dmp
      Filesize

      28KB

      Download
    • memory/4744-137-0x00000000054FD000-0x0000000005504000-memory.dmp
      Filesize

      28KB

      Download
    • memory/4744-138-0x0000000000030000-0x0000000000039000-memory.dmp
      Filesize

      36KB

      Download
    • memory/4744-139-0x0000000000400000-0x000000000516B000-memory.dmp
      Filesize

      77.4MB

      Download