Overview

overview

10

Static

static

qxuo.exe

windows7-x64

10

qxuo.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    40s
  • max time network
    46s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-10-2022 11:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    qxuo.exe

  • Size

    280KB

  • MD5

    ea6e100e34a7472c8790b13d69aa4620

  • SHA1

    3e4d8073a6949465c68802f7cb4aadbdc2404ed8

  • SHA256

    27b02c8206e0c917a1d2e5868d315a6d6c60d09d196db82796e169cb5b1b2b4a

  • SHA512

    c2935df6879cfa637b5254d913f84f90e76710f161f665f70a3e53b23e7528f9cdedd5eb80fdc2af04da69f37a244c38346e545189afb67cbfb959780ce4823e

  • SSDEEP

    6144:geV91Qv5FNebxuQ8IffXQyov/uy2dmbFOud8ddzpy:geBQv5Fgdup+fXQyuT2dm5OqWny

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

89.40.206.121:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\qxuo.exe
    "C:\Users\Admin\AppData\Local\Temp\qxuo.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:2900
  • C:\ProgramData\sohxdwm\blrnkd.exe
    C:\ProgramData\sohxdwm\blrnkd.exe start
    1⤵
    • Executes dropped EXE
    PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\sohxdwm\blrnkd.exe
    Filesize

    280KB

    MD5

    ea6e100e34a7472c8790b13d69aa4620

    SHA1

    3e4d8073a6949465c68802f7cb4aadbdc2404ed8

    SHA256

    27b02c8206e0c917a1d2e5868d315a6d6c60d09d196db82796e169cb5b1b2b4a

    SHA512

    c2935df6879cfa637b5254d913f84f90e76710f161f665f70a3e53b23e7528f9cdedd5eb80fdc2af04da69f37a244c38346e545189afb67cbfb959780ce4823e

    Download Submit
  • C:\ProgramData\sohxdwm\blrnkd.exe
    Filesize

    280KB

    MD5

    ea6e100e34a7472c8790b13d69aa4620

    SHA1

    3e4d8073a6949465c68802f7cb4aadbdc2404ed8

    SHA256

    27b02c8206e0c917a1d2e5868d315a6d6c60d09d196db82796e169cb5b1b2b4a

    SHA512

    c2935df6879cfa637b5254d913f84f90e76710f161f665f70a3e53b23e7528f9cdedd5eb80fdc2af04da69f37a244c38346e545189afb67cbfb959780ce4823e

    Download Submit
  • memory/1972-137-0x0000000000832000-0x0000000000843000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1972-138-0x0000000000400000-0x00000000005A2000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2900-132-0x00000000007F9000-0x000000000080A000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2900-133-0x00000000022F0000-0x00000000022F9000-memory.dmp
    Filesize

    36KB

    Download
  • memory/2900-134-0x0000000000400000-0x00000000005A2000-memory.dmp
    Filesize

    1.6MB

    Download