systembc | bbc4cfc35c3d961030fa0e7ce702586f[.]exe | Triage

Sharing

General

Target

bbc4cfc35c3d961030fa0e7ce702586f.exe
Size

8KB
MD5

bbc4cfc35c3d961030fa0e7ce702586f
SHA1

ba1694084286bebce9680fa28c078ec61342a4ef
SHA256

8701d43c25dff021138589edc144072320bb0d84b0c467d4a699f74fbb575fe3
SHA512

fb9f55ba6ecda54353014fd61967439512929831ccb5489051f83a053a5c90840c740bcc16bc639a05b7e9c6fc5a6a4cc801a9481e4a4cce0fe62c7ec4955d6d
SSDEEP

96:PNoCMDnHFBkGNutaR/3Mnh/MM4odWLqhZAoUyLh/b9U/GczH47o2i4gwnXw:FoTH7kGsaBc/ZbdNdhxcMXi4PXw

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

148.251.236.201:443

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bbc4cfc35c3d961030fa0e7ce702586f.exe

Files

bbc4cfc35c3d961030fa0e7ce702586f.exe
.exe windows x86

c43eeea4eb37b541724563a3273bc88b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
TranslateMessage
ShowWindow
RegisterClassA
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA

kernel32

GetCommandLineA
WaitForSingleObject
VirtualFree
VirtualAlloc
Sleep
CloseHandle
CreateEventA
CreateThread
ExitProcess
GetVolumeInformationA
GetModuleHandleA
SetEvent

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey

wsock32

WSAStartup
closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

secur32

GetUserNameExA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ