systembc | 023e0ac5b8ee582ac8d8c1f36b96c8a87263e360428b0003b3159c876604be5f

General

Target

3cbe19c2cf88bfbc4eac2980aad96aa2.exe
Size

230KB
MD5

3cbe19c2cf88bfbc4eac2980aad96aa2
SHA1

3c94a02287f9307fe28a47770226098ce5081793
SHA256

023e0ac5b8ee582ac8d8c1f36b96c8a87263e360428b0003b3159c876604be5f
SHA512

c04e79744650e128156533f8d06798090a24f4852c96bf6f3506350fc101cfc4f6fe6dc2c25ec62ec343c8dc544cf6bf47d5e8f1f5ad734cb69ca26e4c645458

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

tjdduff.exemjjexcv.exejksvrt.exe

pid process

4624 tjdduff.exe
212 mjjexcv.exe
3212 jksvrt.exe

pid	process
4624	tjdduff.exe
212	mjjexcv.exe
3212	jksvrt.exe

Drops file in Windows directory 5 IoCs

Processes:

3cbe19c2cf88bfbc4eac2980aad96aa2.exetjdduff.exemjjexcv.exe

description	ioc	process
File opened for modification	C:\Windows\Tasks\tjdduff.job	3cbe19c2cf88bfbc4eac2980aad96aa2.exe
File created	C:\Windows\Tasks\hiaixatupqlmhidexat.job	tjdduff.exe
File created	C:\Windows\Tasks\jksvrt.job	mjjexcv.exe
File opened for modification	C:\Windows\Tasks\jksvrt.job	mjjexcv.exe
File created	C:\Windows\Tasks\tjdduff.job	3cbe19c2cf88bfbc4eac2980aad96aa2.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3648 2820 WerFault.exe 3cbe19c2cf88bfbc4eac2980aad96aa2.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

3cbe19c2cf88bfbc4eac2980aad96aa2.exemjjexcv.exe

pid process

2820 3cbe19c2cf88bfbc4eac2980aad96aa2.exe
2820 3cbe19c2cf88bfbc4eac2980aad96aa2.exe
212 mjjexcv.exe
212 mjjexcv.exe

pid	pid_target	process	target process
3648	2820	WerFault.exe	3cbe19c2cf88bfbc4eac2980aad96aa2.exe

pid	process
2820	3cbe19c2cf88bfbc4eac2980aad96aa2.exe
2820	3cbe19c2cf88bfbc4eac2980aad96aa2.exe
212	mjjexcv.exe
212	mjjexcv.exe

C:\Users\Admin\AppData\Local\Temp\3cbe19c2cf88bfbc4eac2980aad96aa2.exe
"C:\Users\Admin\AppData\Local\Temp\3cbe19c2cf88bfbc4eac2980aad96aa2.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:2820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 944
  2⤵
  - Program crash
  PID:3648

C:\ProgramData\abii\tjdduff.exe
C:\ProgramData\abii\tjdduff.exe start
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2820 -ip 2820
1⤵
PID:2864

C:\Windows\TEMP\mjjexcv.exe
C:\Windows\TEMP\mjjexcv.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:212

C:\ProgramData\svfh\jksvrt.exe
C:\ProgramData\svfh\jksvrt.exe start
1⤵
- Executes dropped EXE
PID:3212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\abii\tjdduff.exe

Filesize
230KB

MD5
3cbe19c2cf88bfbc4eac2980aad96aa2

SHA1
3c94a02287f9307fe28a47770226098ce5081793

SHA256
023e0ac5b8ee582ac8d8c1f36b96c8a87263e360428b0003b3159c876604be5f

SHA512
c04e79744650e128156533f8d06798090a24f4852c96bf6f3506350fc101cfc4f6fe6dc2c25ec62ec343c8dc544cf6bf47d5e8f1f5ad734cb69ca26e4c645458

Download Submit
C:\ProgramData\abii\tjdduff.exe

Filesize
230KB

MD5
3cbe19c2cf88bfbc4eac2980aad96aa2

SHA1
3c94a02287f9307fe28a47770226098ce5081793

SHA256
023e0ac5b8ee582ac8d8c1f36b96c8a87263e360428b0003b3159c876604be5f

SHA512
c04e79744650e128156533f8d06798090a24f4852c96bf6f3506350fc101cfc4f6fe6dc2c25ec62ec343c8dc544cf6bf47d5e8f1f5ad734cb69ca26e4c645458

Download Submit
C:\ProgramData\svfh\jksvrt.exe

Filesize
272KB

MD5
71ebd9fd8ea9fc4e67e52546cb45b35a

SHA1
4ce5c776e627a8b13c81b99bcf6cb4bcd7f8369a

SHA256
91e432fb78409fd8fbdbc8783b3e53b0352b207c88519c8550d72237785334b6

SHA512
5ad93d5047f68e349306d8361de4fcbc1e3694ee148c08877c5ead40d3814443ea168f715f256365fc6c73ab61aec59bd5329964d2083bf9c0a46d83e89924ff

Download Submit
C:\ProgramData\svfh\jksvrt.exe

Filesize
272KB

MD5
71ebd9fd8ea9fc4e67e52546cb45b35a

SHA1
4ce5c776e627a8b13c81b99bcf6cb4bcd7f8369a

SHA256
91e432fb78409fd8fbdbc8783b3e53b0352b207c88519c8550d72237785334b6

SHA512
5ad93d5047f68e349306d8361de4fcbc1e3694ee148c08877c5ead40d3814443ea168f715f256365fc6c73ab61aec59bd5329964d2083bf9c0a46d83e89924ff

Download Submit
C:\Windows\TEMP\mjjexcv.exe

Filesize
272KB

MD5
71ebd9fd8ea9fc4e67e52546cb45b35a

SHA1
4ce5c776e627a8b13c81b99bcf6cb4bcd7f8369a

SHA256
91e432fb78409fd8fbdbc8783b3e53b0352b207c88519c8550d72237785334b6

SHA512
5ad93d5047f68e349306d8361de4fcbc1e3694ee148c08877c5ead40d3814443ea168f715f256365fc6c73ab61aec59bd5329964d2083bf9c0a46d83e89924ff

Download Submit
C:\Windows\Tasks\tjdduff.job

Filesize
248B

MD5
37a0ed26980d93094634aceac16a3e97

SHA1
03f3001fbd7d488592ee6811bcb1bc28d17d16ef

SHA256
501c65176402745979f7c4c8cee11bdd4e2e0dc5b55490406a0a3c3cfe2d458b

SHA512
27c6c31fe85ef00ccfd8b558c6f25bff2ee037cc6c5aebea3472eaf4dbae21b92db305cfecb079c030dc8e379994c5718eddba2ece1414571fe8e9454a89e275

Download Submit
C:\Windows\Temp\mjjexcv.exe

Filesize
272KB

MD5
71ebd9fd8ea9fc4e67e52546cb45b35a

SHA1
4ce5c776e627a8b13c81b99bcf6cb4bcd7f8369a

SHA256
91e432fb78409fd8fbdbc8783b3e53b0352b207c88519c8550d72237785334b6

SHA512
5ad93d5047f68e349306d8361de4fcbc1e3694ee148c08877c5ead40d3814443ea168f715f256365fc6c73ab61aec59bd5329964d2083bf9c0a46d83e89924ff

Download Submit
memory/212-144-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/212-143-0x0000000000745000-0x000000000074E000-memory.dmp

Filesize
36KB

Download
memory/212-141-0x0000000000745000-0x000000000074E000-memory.dmp

Filesize
36KB

Download
memory/2820-130-0x000000000071C000-0x0000000000725000-memory.dmp

Filesize
36KB

Download
memory/2820-131-0x000000000071C000-0x0000000000725000-memory.dmp

Filesize
36KB

Download
memory/2820-133-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/2820-132-0x00000000004F0000-0x00000000004F9000-memory.dmp

Filesize
36KB

Download
memory/3212-147-0x00000000005C5000-0x00000000005CE000-memory.dmp

Filesize
36KB

Download
memory/3212-148-0x00000000005C5000-0x00000000005CE000-memory.dmp

Filesize
36KB

Download
memory/3212-149-0x0000000000400000-0x0000000000487000-memory.dmp

Filesize
540KB

Download
memory/4624-138-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/4624-137-0x00000000006C8000-0x00000000006D1000-memory.dmp

Filesize
36KB

Download
memory/4624-136-0x00000000006C8000-0x00000000006D1000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads