systembc | 61499704920ee633ffb2baab36eb8eb70d5e0426bca584f9a4a872e4b930c417

Resubmissions

01-03-2023 10:14

03-02-2021 07:21

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-03-2023 10:14

Target

2021-02-01-SystemBC-malware-EXE.exe
Size

237KB
MD5

4506d15d2b790734ca655cfc5b79f778
SHA1

9e2392716e84b90c2c822b8a73b741af6ba02331
SHA256

61499704920ee633ffb2baab36eb8eb70d5e0426bca584f9a4a872e4b930c417
SHA512

f18d30ec47234a8a95130cd8501d92383e4384324c47b05cd34724c2dfbf4317c550ecea8dd1930f1317c0626d3cd0a299b2e84312354a083574659781ce8746
SSDEEP

3072:nDjehmqPKDfx57RDQKIVfpWiHoZhrjz/+R8Aeit1nl0L4H8Y01kyj8pFrYq02mLx:nDjYVPKrrRUthZyhXzse2021JL02e

Score

10^/10

systembc trojan

Family

systembc

109.234.39.169:4001

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

2021-02-01-SystemBC-malware-EXE.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	2021-02-01-SystemBC-malware-EXE.exe
File opened for modification	C:\Windows\Tasks\wow64.job	2021-02-01-SystemBC-malware-EXE.exe

C:\Users\Admin\AppData\Local\Temp\2021-02-01-SystemBC-malware-EXE.exe
"C:\Users\Admin\AppData\Local\Temp\2021-02-01-SystemBC-malware-EXE.exe"
1⤵
- Drops file in Windows directory
PID:2024

C:\Users\Admin\AppData\Local\Temp\2021-02-01-SystemBC-malware-EXE.exe
C:\Users\Admin\AppData\Local\Temp\2021-02-01-SystemBC-malware-EXE.exe start
1⤵
PID:4616

memory/2024-136-0x0000000004020000-0x0000000004025000-memory.dmp

Filesize
20KB

Download
memory/2024-137-0x0000000000400000-0x00000000022DC000-memory.dmp

Filesize
30.9MB

Download
memory/2024-146-0x0000000000400000-0x00000000022DC000-memory.dmp

Filesize
30.9MB

Download
memory/4616-154-0x0000000000400000-0x00000000022DC000-memory.dmp

Filesize
30.9MB

Download