Malware Analysis Report

2025-04-03 09:43

Sample ID 230417-f8mk6adb42
Target s_443.zip
SHA256 bc1cb519cb55bd1063779aafd3349c15457ad1ee2ce53608b4238b0276eace6e
Tags
systembc trojan
score
10/10

Analysis Overview

score
10/10

SHA256

bc1cb519cb55bd1063779aafd3349c15457ad1ee2ce53608b4238b0276eace6e

Threat Level: Known bad

The file s_443.zip was found to be: Known bad.

Malicious Activity Summary

systembc trojan

SystemBC

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-04-17 05:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-17 05:32

Reported

2023-04-17 05:34

Platform

win7-20230220-en

Max time kernel

100s

Max time network

74s

Command Line

"C:\Users\Admin\AppData\Local\Temp\s_443.exe"

Signatures

SystemBC

trojan systembc

Processes

C:\Users\Admin\AppData\Local\Temp\s_443.exe

"C:\Users\Admin\AppData\Local\Temp\s_443.exe"

Network

Country Destination Domain Proto
NL 45.15.159.230:443 tcp

Files

memory/1236-55-0x0000000000220000-0x0000000000223000-memory.dmp

memory/1236-56-0x0000000000400000-0x00000000007EF000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-17 05:32

Reported

2023-04-17 05:34

Platform

win10v2004-20230220-en

Max time kernel

100s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\s_443.exe"

Signatures

SystemBC

trojan systembc

Processes

C:\Users\Admin\AppData\Local\Temp\s_443.exe

"C:\Users\Admin\AppData\Local\Temp\s_443.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 55.37.195.20.in-addr.arpa udp
US 8.8.8.8:53 42.220.44.20.in-addr.arpa udp
US 52.152.110.14:443 tcp
NL 45.15.159.230:443 tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 230.159.15.45.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 assets.msn.com udp
GB 95.101.143.242:443 assets.msn.com tcp
US 8.8.8.8:53 242.143.101.95.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 203.151.224.20.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp

Files

memory/3520-134-0x0000000000940000-0x0000000000943000-memory.dmp

memory/3520-135-0x0000000000400000-0x00000000007EF000-memory.dmp