systembc | ss64[.]dll | Triage

Submit
Reports

Overview

overview

Static

static

ss64.dll

windows7_x64

8

ss64.dll

windows10-2004_x64

8

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

ss64.dll

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ss64.dll

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

General

Target

ss64.dll
Size

18KB
MD5

cfbf1cb96b31132ddbd8074180487b70
SHA1

d8cc1b0fcd85365708396cbd8c91a479c5739a2a
SHA256

80748d742c31afee1d1db90ee3c1f3212d48a683482ff0e7f37b721b03001a1b
SHA512

b0349ed3333b2db5e7273e86d382c521ce3f2354c67b610a7844c28f067ba7e9fbb88853ad6567f4485d1f670e0127ee15f1149cf71e00238a291f96c614bbd0
SSDEEP

384:L3qHtu750gtxCYLcHtcWajpOnM/uQ9p/mvm12MGSs4:L3Qgk/arfevmk

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

93.115.25.139:443

localhost.exchange:443

Signatures

Systembc family
systembc

Files

ss64.dll
.dll windows x64

bb5490a497d4a5ce59005ca1d1aacc2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

wsprintfA

ws2_32

getaddrinfo
closesocket
shutdown
send
setsockopt
freeaddrinfo
recv
WSAIoctl
select
connect
inet_ntoa
inet_addr
htons
ioctlsocket
WSAStartup
socket

advapi32

GetTokenInformation
OpenProcessToken
GetSidSubAuthority

kernel32

WriteFile
SetFilePointer
CreateFileA
VirtualFree
LocalFree
LocalAlloc
SystemTimeToFileTime
SetEvent
WaitForSingleObject
ExitThread
CloseHandle
CreateThread
GetTempPathA
GetVolumeInformationA
Sleep
CreateEventA
GetCurrentProcess
FileTimeToSystemTime
GetLocalTime
VirtualAlloc

secur32

GetUserNameExA
GetUserNameExW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Exports

Exports

rundll

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy