systembc | 6f78256f20eb2b5594391095a341f8749395e7566fdd2ddd3a34a0db9bb9f871

Analysis

max time kernel
134s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06-05-2023 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

scks.exe
Size

934KB
MD5

3d339c1499363d7571073f9347c9fdb6
SHA1

88437e51dd3872af3658b57e7f489758e8cbf31d
SHA256

6f78256f20eb2b5594391095a341f8749395e7566fdd2ddd3a34a0db9bb9f871
SHA512

110ebaa176a7c8613f2f7d36d75805c9e3ecc747e4b3aadf6a3306e6f4f5ad46c187e4bc70ee50d9cca42a7f0ee03e660b921cb21ae71d1858e83faa231a1421
SSDEEP

24576:aB7AHpszdFvDDXCnYydIrQldFu8hod/QodlyzJ8:axFzvSYyd5FadRdd

Score

10^/10

systembc persistence trojan

Malware Config

Extracted

Family

systembc

15.204.166.162:5757

194.87.111.29:5757

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

scks.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	scks.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\socks5 = "powershell.exe -windowstyle hidden -Command \"& 'C:\\Users\\Admin\\AppData\\Local\\Temp\\scks.exe'\""	scks.exe

C:\Users\Admin\AppData\Local\Temp\scks.exe
"C:\Users\Admin\AppData\Local\Temp\scks.exe"
1⤵
- Adds Run key to start application
PID:4196

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4196-133-0x00000000001C0000-0x00000000002B3000-memory.dmp

Filesize
972KB

Download
memory/4196-134-0x00000000012E0000-0x00000000012E6000-memory.dmp

Filesize
24KB

Download
memory/4196-135-0x00000000001C0000-0x00000000002B3000-memory.dmp

Filesize
972KB

Download