systembc | 0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96

General

Target

0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96.exe
Size

253KB
MD5

5366cfb7213ba42e13f5a07ba83a6353
SHA1

958421f6fe7a2928578157c36b366578bc4e1b18
SHA256

0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96
SHA512

c91ec11e3b220a1723fe842329ac9fd23c468aaf7285db5d1fe47f4616e6053669d99a372e37d1055ee45ade04888b68ef35fd23b8b1f4a98e6e8a47008f6414

Score

10^/10

systembc suricata trojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata
suricata: ET MALWARE Win32/SystemBC CnC Checkin
suricata: ET MALWARE Win32/SystemBC CnC Checkin
suricata
Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

bjbj.exeetappd.exepndpo.exe

pid process

3896 bjbj.exe
3856 etappd.exe
2080 pndpo.exe

pid	process
3896	bjbj.exe
3856	etappd.exe
2080	pndpo.exe

Drops file in Windows directory 5 IoCs

Processes:

bjbj.exeetappd.exe0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96.exe

description	ioc	process
File created	C:\Windows\Tasks\ovajfpqtuxidmgqkwto.job	bjbj.exe
File created	C:\Windows\Tasks\pndpo.job	etappd.exe
File opened for modification	C:\Windows\Tasks\pndpo.job	etappd.exe
File created	C:\Windows\Tasks\bjbj.job	0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96.exe
File opened for modification	C:\Windows\Tasks\bjbj.job	0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96.exeetappd.exe

pid	process
3664	0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96.exe
3664	0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96.exe
3856	etappd.exe
3856	etappd.exe

C:\Users\Admin\AppData\Local\Temp\0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96.exe
"C:\Users\Admin\AppData\Local\Temp\0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:3664

C:\ProgramData\jeqshcp\bjbj.exe
C:\ProgramData\jeqshcp\bjbj.exe start
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3896

C:\Windows\TEMP\etappd.exe
C:\Windows\TEMP\etappd.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:3856

C:\ProgramData\lfkkdd\pndpo.exe
C:\ProgramData\lfkkdd\pndpo.exe start
1⤵
- Executes dropped EXE
PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\jeqshcp\bjbj.exe

Filesize
253KB

MD5
5366cfb7213ba42e13f5a07ba83a6353

SHA1
958421f6fe7a2928578157c36b366578bc4e1b18

SHA256
0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96

SHA512
c91ec11e3b220a1723fe842329ac9fd23c468aaf7285db5d1fe47f4616e6053669d99a372e37d1055ee45ade04888b68ef35fd23b8b1f4a98e6e8a47008f6414

Download Submit
C:\ProgramData\jeqshcp\bjbj.exe

Filesize
253KB

MD5
5366cfb7213ba42e13f5a07ba83a6353

SHA1
958421f6fe7a2928578157c36b366578bc4e1b18

SHA256
0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96

SHA512
c91ec11e3b220a1723fe842329ac9fd23c468aaf7285db5d1fe47f4616e6053669d99a372e37d1055ee45ade04888b68ef35fd23b8b1f4a98e6e8a47008f6414

Download Submit
C:\ProgramData\lfkkdd\pndpo.exe

Filesize
253KB

MD5
5366cfb7213ba42e13f5a07ba83a6353

SHA1
958421f6fe7a2928578157c36b366578bc4e1b18

SHA256
0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96

SHA512
c91ec11e3b220a1723fe842329ac9fd23c468aaf7285db5d1fe47f4616e6053669d99a372e37d1055ee45ade04888b68ef35fd23b8b1f4a98e6e8a47008f6414

Download Submit
C:\ProgramData\lfkkdd\pndpo.exe

Filesize
253KB

MD5
5366cfb7213ba42e13f5a07ba83a6353

SHA1
958421f6fe7a2928578157c36b366578bc4e1b18

SHA256
0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96

SHA512
c91ec11e3b220a1723fe842329ac9fd23c468aaf7285db5d1fe47f4616e6053669d99a372e37d1055ee45ade04888b68ef35fd23b8b1f4a98e6e8a47008f6414

Download Submit
C:\Windows\TEMP\etappd.exe

Filesize
253KB

MD5
5366cfb7213ba42e13f5a07ba83a6353

SHA1
958421f6fe7a2928578157c36b366578bc4e1b18

SHA256
0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96

SHA512
c91ec11e3b220a1723fe842329ac9fd23c468aaf7285db5d1fe47f4616e6053669d99a372e37d1055ee45ade04888b68ef35fd23b8b1f4a98e6e8a47008f6414

Download Submit
C:\Windows\Tasks\bjbj.job

Filesize
248B

MD5
2376ce3c7c72c603a207aa39bfb2b25c

SHA1
df514a7b969b1ab089d812b74efb65c647ac7e1a

SHA256
aaca85c840041b2a1a27dc9770948da1c49ffe5a684d98cfd7a2c4001ae7e5b8

SHA512
e9e01004306531b796d63c6589bf5efa94b5e0cebd58612c22a350c8df856d9bba95210662ceaab793a995d88388eaa89747ba66b632a2c9ef8e34383de628a3

Download Submit
C:\Windows\Temp\etappd.exe

Filesize
253KB

MD5
5366cfb7213ba42e13f5a07ba83a6353

SHA1
958421f6fe7a2928578157c36b366578bc4e1b18

SHA256
0f88cfd80dda550bf8ed08966821d84f6344fa6110b248e1148f06109c9a9f96

SHA512
c91ec11e3b220a1723fe842329ac9fd23c468aaf7285db5d1fe47f4616e6053669d99a372e37d1055ee45ade04888b68ef35fd23b8b1f4a98e6e8a47008f6414

Download Submit
memory/2080-134-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2080-133-0x00000000007C1000-0x00000000007D1000-memory.dmp

Filesize
64KB

Download
memory/2080-132-0x00000000007C1000-0x00000000007D1000-memory.dmp

Filesize
64KB

Download
memory/3664-114-0x0000000000666000-0x0000000000677000-memory.dmp

Filesize
68KB

Download
memory/3664-116-0x0000000000510000-0x000000000065A000-memory.dmp

Filesize
1.3MB

Download
memory/3664-115-0x0000000000666000-0x0000000000677000-memory.dmp

Filesize
68KB

Download
memory/3664-117-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3856-126-0x00000000007F2000-0x0000000000802000-memory.dmp

Filesize
64KB

Download
memory/3856-129-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3856-128-0x00000000007F2000-0x0000000000802000-memory.dmp

Filesize
64KB

Download
memory/3896-123-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3896-122-0x00000000005C0000-0x00000000005C9000-memory.dmp

Filesize
36KB

Download
memory/3896-121-0x0000000000470000-0x000000000051E000-memory.dmp

Filesize
696KB

Download

Analysis

Sharing