systembc | 42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac

Analysis

max time kernel
116s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2023 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac.exe
Size

122KB
MD5

5f866e1c597b23ae2df3f60545b36888
SHA1

864d6aa509ca82f4a0bc832a24f629fcaf432f73
SHA256

42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac
SHA512

59f132b74135742bf7b5ba7a065090762e685b78890a623adc99849a2e115b3555069f6f196bcebc5fa73f2bbd2509e4b7a108210b37b280f42fc384ad16524b
SSDEEP

3072:d98eW81vrk4AZuZoJ7irczoZp9mp8YD2n+h3Z:A0RrkXZuA7ircEZp9mp8YD2ng

Score

10^/10

systembc trojan upx

Malware Config

Extracted

Family

systembc

185.197.74.227:4053

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Executes dropped EXE 2 IoCs

Processes:

qeiugn.exeqeiugn.exe

pid process

4924 qeiugn.exe
3204 qeiugn.exe

pid	process
4924	qeiugn.exe
3204	qeiugn.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/788-132-0x0000000000400000-0x0000000000A43000-memory.dmp	upx
C:\ProgramData\ilhe\qeiugn.exe	upx
C:\ProgramData\ilhe\qeiugn.exe	upx
behavioral2/memory/4924-139-0x0000000000400000-0x0000000000A43000-memory.dmp	upx
C:\ProgramData\ilhe\qeiugn.exe	upx

Drops file in Windows directory 2 IoCs

Processes:

42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac.exe

description	ioc	process
File created	C:\Windows\Tasks\corolina17.job	42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac.exe
File opened for modification	C:\Windows\Tasks\corolina17.job	42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac.exe

pid	process
788	42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac.exe
788	42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac.exe

C:\Users\Admin\AppData\Local\Temp\42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac.exe
"C:\Users\Admin\AppData\Local\Temp\42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:788

C:\ProgramData\ilhe\qeiugn.exe
C:\ProgramData\ilhe\qeiugn.exe start2
1⤵
- Executes dropped EXE
PID:4924

C:\ProgramData\ilhe\qeiugn.exe
C:\ProgramData\ilhe\qeiugn.exe start2
1⤵
- Executes dropped EXE
PID:3204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ilhe\qeiugn.exe
Filesize
122KB

MD5
5f866e1c597b23ae2df3f60545b36888

SHA1
864d6aa509ca82f4a0bc832a24f629fcaf432f73

SHA256
42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac

SHA512
59f132b74135742bf7b5ba7a065090762e685b78890a623adc99849a2e115b3555069f6f196bcebc5fa73f2bbd2509e4b7a108210b37b280f42fc384ad16524b

Download Submit
C:\ProgramData\ilhe\qeiugn.exe
Filesize
122KB

MD5
5f866e1c597b23ae2df3f60545b36888

SHA1
864d6aa509ca82f4a0bc832a24f629fcaf432f73

SHA256
42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac

SHA512
59f132b74135742bf7b5ba7a065090762e685b78890a623adc99849a2e115b3555069f6f196bcebc5fa73f2bbd2509e4b7a108210b37b280f42fc384ad16524b

Download Submit
C:\ProgramData\ilhe\qeiugn.exe
Filesize
122KB

MD5
5f866e1c597b23ae2df3f60545b36888

SHA1
864d6aa509ca82f4a0bc832a24f629fcaf432f73

SHA256
42eb6fcf205d9b6e03bf2ee53945825f5b43fc97d517d145df6e08904e3aebac

SHA512
59f132b74135742bf7b5ba7a065090762e685b78890a623adc99849a2e115b3555069f6f196bcebc5fa73f2bbd2509e4b7a108210b37b280f42fc384ad16524b

Download Submit
memory/788-132-0x0000000000400000-0x0000000000A43000-memory.dmp

Filesize
6.3MB

Download
memory/788-134-0x0000000000AE6000-0x0000000000AE9000-memory.dmp

Filesize
12KB

Download
memory/788-133-0x0000000000AE6000-0x0000000000AE9000-memory.dmp

Filesize
12KB

Download
memory/788-135-0x0000000000400000-0x0000000000A43000-memory.dmp

Filesize
6.3MB

Download
memory/788-142-0x0000000000400000-0x0000000000A43000-memory.dmp

Filesize
6.3MB

Download
memory/3204-147-0x0000000000D59000-0x0000000000D5D000-memory.dmp

Filesize
16KB

Download
memory/3204-146-0x0000000000400000-0x0000000000A43000-memory.dmp

Filesize
6.3MB

Download
memory/3204-145-0x0000000000D59000-0x0000000000D5D000-memory.dmp

Filesize
16KB

Download
memory/4924-139-0x0000000000400000-0x0000000000A43000-memory.dmp

Filesize
6.3MB

Download
memory/4924-143-0x0000000000400000-0x0000000000A43000-memory.dmp

Filesize
6.3MB

Download
memory/4924-141-0x0000000000400000-0x0000000000A43000-memory.dmp

Filesize
6.3MB

Download
memory/4924-140-0x0000000000BE5000-0x0000000000BE8000-memory.dmp

Filesize
12KB

Download
memory/4924-138-0x0000000000BE5000-0x0000000000BE8000-memory.dmp

Filesize
12KB

Download