Overview

overview

10

Static

static

5

b5ed2d8ade...3e.exe

windows7-x64

10

b5ed2d8ade...3e.exe

windows10-1703-x64

10

b5ed2d8ade...3e.exe

windows10-2004-x64

10

Resubmissions

02-03-2023 23:34

230302-3kwv9afd37 10

19-01-2023 12:39

230119-pvlw5sch4y 5

Analysis

  • max time kernel
    1229s
  • max time network
    1797s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-03-2023 23:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5ed2d8ade543409aa3ce182dd61a03e.exe

  • Size

    1.3MB

  • MD5

    b5ed2d8ade543409aa3ce182dd61a03e

  • SHA1

    808c2ad2d0ffbb51a353bb7a8a4e6c52bbf8928e

  • SHA256

    6779c5bd995a94b8e53173cd3be2e59adcca2f9775674dc681565eef4197627e

  • SHA512

    89fcb252d3af7e38d536b67baac5d4eccae7a468cbf2e3381b8453d9a13aa2d556e95b13e352040947d5d62f11c6c60c1d8034dcdb9ebaf04005f144bf1e5e61

  • SSDEEP

    24576:eAHnh+eWsN3skA4RV1Hom2KXMmHayQxvgyx7lfsc7du+VAjpT5:Jh+ZkldoPK8Ya3Bgy3fsc7du+V4z

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

212.118.36.165:4193

46.151.26.42:4193

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5ed2d8ade543409aa3ce182dd61a03e.exe
    "C:\Users\Admin\AppData\Local\Temp\b5ed2d8ade543409aa3ce182dd61a03e.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5060
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
        PID:3268

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3268-134-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/3268-135-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/3268-138-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/3268-139-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/5060-137-0x0000000002441000-0x0000000002447000-memory.dmp

      Filesize

      24KB

      Download