Malware Analysis Report

2025-04-03 09:42

Sample ID 230403-p85w6sge4t
Target c7a4ef788a217224c81df6bd6b1521aef062476d19dc78b691ae4f17d04bb69c_89.185.85.249
SHA256 c7a4ef788a217224c81df6bd6b1521aef062476d19dc78b691ae4f17d04bb69c
Tags: systembc trojan
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: c7a4ef788a217224c81df6bd6b1521aef062476d19dc78b691ae4f17d04bb69c

Threat Level: Known bad

The file c7a4ef788a217224c81df6bd6b1521aef062476d19dc78b691ae4f17d04bb69c_89.185.85.249 was found to be: Known bad.

Malicious Activity Summary

systembc trojan

SystemBC

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-04-03 13:00

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2023-04-03 13:00
Reported: 2023-04-03 13:03
Platform: win10v2004-20230220-en
Max time kernel: 146s
Max time network: 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c7a4ef788a217224c81df6bd6b1521aef062476d19dc78b691ae4f17d04bb69c_89.185.85.exe"

Signatures

SystemBC

trojan systembc

Processes

C:\Users\Admin\AppData\Local\Temp\c7a4ef788a217224c81df6bd6b1521aef062476d19dc78b691ae4f17d04bb69c_89.185.85.exe

"C:\Users\Admin\AppData\Local\Temp\c7a4ef788a217224c81df6bd6b1521aef062476d19dc78b691ae4f17d04bb69c_89.185.85.exe"

Network


Files

memory/4752-134-0x0000000002CF0000-0x0000000002CF3000-memory.dmp

memory/4752-135-0x0000000000400000-0x0000000002BA2000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2023-04-03 13:00
Reported: 2023-04-03 13:03
Platform: win7-20230220-en
Max time kernel: 141s
Max time network: 145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c7a4ef788a217224c81df6bd6b1521aef062476d19dc78b691ae4f17d04bb69c_89.185.85.exe"

Signatures

SystemBC

trojan systembc

Processes

C:\Users\Admin\AppData\Local\Temp\c7a4ef788a217224c81df6bd6b1521aef062476d19dc78b691ae4f17d04bb69c_89.185.85.exe

"C:\Users\Admin\AppData\Local\Temp\c7a4ef788a217224c81df6bd6b1521aef062476d19dc78b691ae4f17d04bb69c_89.185.85.exe"

Network


Files

memory/1208-55-0x00000000001B0000-0x00000000001B3000-memory.dmp

memory/1208-56-0x0000000000400000-0x0000000002BA2000-memory.dmp