Overview

overview

10

Static

static

c7d25633a9...c3.exe

windows7_x64

10

c7d25633a9...c3.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    153s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    24-03-2022 23:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3.exe

  • Size

    959KB

  • MD5

    c27c43f48a7c4d0b96bc66255c0ae238

  • SHA1

    6c3909b126000bb7ac3a68be1fba98235f9a60f6

  • SHA256

    c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3

  • SHA512

    8862df7c99dd72a62e5b4ea6f702d8dd912d656bd0a123800d3499ab31799c446e080b6d5e9bd628e4cb90b29a8c38c842727c617fc86e58230f7f833830d9b7

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

179.43.178.96:4141

192.168.1.149:4141

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3.exe
    "C:\Users\Admin\AppData\Local\Temp\c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3.exe"
    1⤵
    • Drops file in Windows directory
    PID:384
  • C:\ProgramData\jfqres\rkekwo.exe
    C:\ProgramData\jfqres\rkekwo.exe start
    1⤵
    • Executes dropped EXE
    PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\jfqres\rkekwo.exe
    MD5

    c27c43f48a7c4d0b96bc66255c0ae238

    SHA1

    6c3909b126000bb7ac3a68be1fba98235f9a60f6

    SHA256

    c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3

    SHA512

    8862df7c99dd72a62e5b4ea6f702d8dd912d656bd0a123800d3499ab31799c446e080b6d5e9bd628e4cb90b29a8c38c842727c617fc86e58230f7f833830d9b7

    Download Submit

  • C:\ProgramData\jfqres\rkekwo.exe
    MD5

    c27c43f48a7c4d0b96bc66255c0ae238

    SHA1

    6c3909b126000bb7ac3a68be1fba98235f9a60f6

    SHA256

    c7d25633a9eb2b9262d6906e5f8ecbc249cff461ea07cd740ac2d1a72d5d07c3

    SHA512

    8862df7c99dd72a62e5b4ea6f702d8dd912d656bd0a123800d3499ab31799c446e080b6d5e9bd628e4cb90b29a8c38c842727c617fc86e58230f7f833830d9b7

    Download Submit

  • memory/384-130-0x0000000002110000-0x0000000002115000-memory.dmp

    Filesize

    20KB

    Download

  • memory/384-131-0x0000000000400000-0x00000000004F0000-memory.dmp

    Filesize

    960KB

    Download

  • memory/2112-134-0x0000000000400000-0x00000000004F0000-memory.dmp

    Filesize

    960KB

    Download