systembc | 38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846

Resubmissions

03-08-2023 23:48

230803-3tkvcahg2z 10

25-06-2022 21:01

220625-zt7sbseab3 10

Analysis

max time kernel
143s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2023 23:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846.exe
Size

293KB
MD5

0834595393a68716e6af02c86fed22c0
SHA1

a1226559a99cec3fb44ca57f7b5afd063d64f46f
SHA256

38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846
SHA512

8f4bf0615725b59b51b6d462f48aad96a3fb57d72747c587251396ddef0370e5f3615459e4884083f60c88bc12fd7a91d3fbbafced05f8194227bb6ea707acdc
SSDEEP

6144:pftVa3cs0EUsc+w52S2z10iYAtCxALslEtkGxcmRdgyuK/6l8ID4:RuvFUsn02SS/CKLsStnmmRdg18ID4

Score

10^/10

systembc trojan upx

Malware Config

Extracted

Family

systembc

spexblog17.xyz:4044

admstat45.xyz:4044

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Executes dropped EXE 1 IoCs

Processes:

nsnbil.exe

pid process

1996 nsnbil.exe

pid	process
1996	nsnbil.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4680-133-0x0000000000400000-0x0000000000670000-memory.dmp	upx
behavioral2/memory/4680-134-0x0000000000400000-0x0000000000670000-memory.dmp	upx
behavioral2/memory/4680-135-0x0000000000400000-0x0000000000670000-memory.dmp	upx
C:\ProgramData\kutv\nsnbil.exe	upx
C:\ProgramData\kutv\nsnbil.exe	upx
behavioral2/memory/1996-146-0x0000000000400000-0x0000000000670000-memory.dmp	upx
behavioral2/memory/1996-147-0x0000000000400000-0x0000000000670000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

Processes:

38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846.exe

description	ioc	process
File created	C:\Windows\Tasks\nsnbil.job	38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846.exe
File opened for modification	C:\Windows\Tasks\nsnbil.job	38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846.exe

pid	process
4680	38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846.exe
4680	38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846.exe

C:\Users\Admin\AppData\Local\Temp\38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846.exe
"C:\Users\Admin\AppData\Local\Temp\38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:4680

C:\ProgramData\kutv\nsnbil.exe
C:\ProgramData\kutv\nsnbil.exe start2
1⤵
- Executes dropped EXE
PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\kutv\nsnbil.exe
Filesize
293KB

MD5
0834595393a68716e6af02c86fed22c0

SHA1
a1226559a99cec3fb44ca57f7b5afd063d64f46f

SHA256
38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846

SHA512
8f4bf0615725b59b51b6d462f48aad96a3fb57d72747c587251396ddef0370e5f3615459e4884083f60c88bc12fd7a91d3fbbafced05f8194227bb6ea707acdc

Download Submit
C:\ProgramData\kutv\nsnbil.exe
Filesize
293KB

MD5
0834595393a68716e6af02c86fed22c0

SHA1
a1226559a99cec3fb44ca57f7b5afd063d64f46f

SHA256
38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846

SHA512
8f4bf0615725b59b51b6d462f48aad96a3fb57d72747c587251396ddef0370e5f3615459e4884083f60c88bc12fd7a91d3fbbafced05f8194227bb6ea707acdc

Download Submit
memory/1996-152-0x0000000002340000-0x0000000002358000-memory.dmp

Filesize
96KB

Download
memory/1996-151-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download
memory/1996-150-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download
memory/1996-148-0x0000000002340000-0x0000000002358000-memory.dmp

Filesize
96KB

Download
memory/1996-147-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download
memory/1996-146-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download
memory/4680-136-0x0000000000CC0000-0x0000000000CD8000-memory.dmp

Filesize
96KB

Download
memory/4680-139-0x0000000000CC0000-0x0000000000CD8000-memory.dmp

Filesize
96KB

Download
memory/4680-138-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download
memory/4680-137-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download
memory/4680-133-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download
memory/4680-135-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download
memory/4680-134-0x0000000000400000-0x0000000000670000-memory.dmp

Filesize
2.4MB

Download