systembc | c1631959fd2282fc1f4d32ad3799a895[.]exe | Triage

Sharing

General

Target

c1631959fd2282fc1f4d32ad3799a895.exe
Size

8KB
MD5

c1631959fd2282fc1f4d32ad3799a895
SHA1

e4ddc8c538c3a30f8e0a09299f685a58c0ef6df8
SHA256

4de65c2ba577ee5a6b05493239ca386700a9864e5b01f7ebd451b6c05c833f59
SHA512

2a8fbf44d050ebc7c50a6aeff9bf60a77c97ca2afa6cada09f98b3f1ddc9b9a9e7129df23183bcad55ecd44cba33b35ab054fde2bf7eb573f550f0b37764b49f
SSDEEP

96:PNoCMDnHFBkGNutaR/3Mnh/MM4odWLqhZAoUyLh/b9U/lpo2i4gwnpw:FoTH7kGsaBc/ZbdNdhEi4Ppw

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

148.251.236.201:443

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
c1631959fd2282fc1f4d32ad3799a895.exe

Files

c1631959fd2282fc1f4d32ad3799a895.exe
.exe windows x86

c43eeea4eb37b541724563a3273bc88b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
TranslateMessage
ShowWindow
RegisterClassA
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA

kernel32

GetCommandLineA
WaitForSingleObject
VirtualFree
VirtualAlloc
Sleep
CloseHandle
CreateEventA
CreateThread
ExitProcess
GetVolumeInformationA
GetModuleHandleA
SetEvent

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey

wsock32

WSAStartup
closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

secur32

GetUserNameExA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ