Overview

overview

10

Static

static

10

a95c29de83...b3.exe

windows7-x64

10

a95c29de83...b3.exe

windows10-2004-x64

10

Resubmissions

09-04-2024 15:25

240409-stwazaeb2v 10

09-04-2024 15:25

240409-stvpfaeb2s 10

09-04-2024 15:25

240409-stvdnsaf77 10

09-04-2024 15:25

240409-stryjsea9x 10

13-01-2023 16:48

230113-va4jcaae56 10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-01-2023 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a95c29de8321dd4dc8b9676ec640e7b3.exe

  • Size

    32KB

  • MD5

    a95c29de8321dd4dc8b9676ec640e7b3

  • SHA1

    d9ef0d8e14ddba29ab8e39779e616344440d8f75

  • SHA256

    7616efcd937ca8fd237f3afa86aea2294844d00cd1100b75660b4925ad88924b

  • SHA512

    d6ee8ea621bd1a0de0046773459316eec5a4f04077f90002d48f997e64758cf6fea7d80e4e7337dc95a4827233f0da937fb9228d5a15867043d097ee73da6acf

  • SSDEEP

    768:3Ta1PsXQ0yVmQvcs27NOJtyuv09gnoJCvcror:SsXQ0yVN2gV0Gno

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

dec15coma.com:4039

dec15coma.xyz:4039

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a95c29de8321dd4dc8b9676ec640e7b3.exe
    "C:\Users\Admin\AppData\Local\Temp\a95c29de8321dd4dc8b9676ec640e7b3.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:2484
  • C:\ProgramData\fodkrx\jpbueu.exe
    C:\ProgramData\fodkrx\jpbueu.exe start
    1⤵
    • Executes dropped EXE
    PID:3408

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

1
T1090

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\fodkrx\jpbueu.exe
    Filesize

    32KB

    MD5

    a95c29de8321dd4dc8b9676ec640e7b3

    SHA1

    d9ef0d8e14ddba29ab8e39779e616344440d8f75

    SHA256

    7616efcd937ca8fd237f3afa86aea2294844d00cd1100b75660b4925ad88924b

    SHA512

    d6ee8ea621bd1a0de0046773459316eec5a4f04077f90002d48f997e64758cf6fea7d80e4e7337dc95a4827233f0da937fb9228d5a15867043d097ee73da6acf

    Download Submit
  • C:\ProgramData\fodkrx\jpbueu.exe
    Filesize

    32KB

    MD5

    a95c29de8321dd4dc8b9676ec640e7b3

    SHA1

    d9ef0d8e14ddba29ab8e39779e616344440d8f75

    SHA256

    7616efcd937ca8fd237f3afa86aea2294844d00cd1100b75660b4925ad88924b

    SHA512

    d6ee8ea621bd1a0de0046773459316eec5a4f04077f90002d48f997e64758cf6fea7d80e4e7337dc95a4827233f0da937fb9228d5a15867043d097ee73da6acf

    Download Submit