rundll

Behavioral task behavioral1
  Sample:   host.dll
  Resource: win7-20230220-en

Behavioral task behavioral2
  Sample:   host.dll
  Resource: win10v2004-20230221-en
General
- Target: host.dll
- Size: 18KB
- MD5: 230870e5463effd55f4c72c00f1e1eda
- SHA1: 3999e41ba11cebf133cf4d7aedd63fb640e64246
- SHA256: d5ee05aa9a00d9a0058ef255a19f2521855df841bfa78750b16d38e0b59cd1fd
- SHA512: 5f0b40374635c83e81a0818d051c473b057b0f0f64b87b3b913ae64045b7c2dd65e03d3c0596b73edbac774bcf9b19ad54c27ff93a7db373aef0dec9a214e7bc
- SSDEEP: 384:r3qHtu750gtxCYLcHtcWajpOnM/uQ9p/mvm12MGSsyV:r3Qgk/arfevmkw
Malware Config
Extracted
- systembc: 45.32.181.136:443

Signatures
- Systembc family
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  Processes: resource host.dll
Files
- host.dll.dll windows x64
  bb5490a497d4a5ce59005ca1d1aacc2a

  Headers
    DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
  Imports
    user32:   wsprintfA
    ws2_32:   getaddrinfo, closesocket, shutdown, send, setsockopt, freeaddrinfo, recv, WSAIoctl, select, connect, inet_ntoa, inet_addr, htons, ioctlsocket, WSAStartup, socket
    advapi32: GetTokenInformation, OpenProcessToken, GetSidSubAuthority
    kernel32: WriteFile, SetFilePointer, CreateFileA, VirtualFree, LocalFree, LocalAlloc, SystemTimeToFileTime, SetEvent, WaitForSingleObject, ExitThread, CloseHandle, CreateThread, GetTempPathA, GetVolumeInformationA, Sleep, CreateEventA, GetCurrentProcess, FileTimeToSystemTime, GetLocalTime, VirtualAlloc
    secur32:  GetUserNameExA, GetUserNameExW
    ole32:    CoCreateInstance, CoUninitialize, CoInitialize
  Exports
    (none listed)

  Sections
    .text   Size: 12KB   Virtual size: 12KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata  Size: 3KB    Virtual size: 2KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data   Size: 1024B  Virtual size: 595B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .pdata  Size: 512B   Virtual size: 432B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ