systembc | 835089cc52af94cdcdf26ab335f8a4fe4719071746539acf472579fa2fc8e4f9

Analysis

max time kernel
140s
max time network
134s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18-06-2023 10:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

248KB
MD5

aba61284cec3036dae80ece91256cf35
SHA1

1ccbcd2605d623ada8ecbcace5c1ff1f082c9e2d
SHA256

835089cc52af94cdcdf26ab335f8a4fe4719071746539acf472579fa2fc8e4f9
SHA512

8f57b93b11df6d5aa2686afeb156310bea2f65ed6e17f6b27d1a5089a0d729057f255c9169d797f62c72263ccd4a90fa7203708ebaf3c13521825e1f65a42331
SSDEEP

3072:bnwpjZ/aX+tl/w8aKwg/6K0HXDZh/TKHXwdDlsv5HyVSeR/:Epd/aX+t9w8av13D7/TK3nYR

Score

10^/10

systembc persistence trojan

Malware Config

Extracted

Family

systembc

admex1955x.xyz:4044

servx2785x.xyz:4044

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

file.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run\socks5 = "powershell.exe -windowstyle hidden -Command \"& 'C:\\Users\\Admin\\AppData\\Local\\Temp\\file.exe'\""	file.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run	file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Adds Run key to start application
PID:1160

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1160-54-0x00000000001C0000-0x00000000001D5000-memory.dmp

Filesize
84KB

Download
memory/1160-55-0x0000000000260000-0x0000000000265000-memory.dmp

Filesize
20KB

Download
memory/1160-56-0x0000000000400000-0x0000000000924000-memory.dmp

Filesize
5.1MB

Download