systembc | 44d91bcc9c29ea92d933095d707a0040e39b08d1c52099014d58eceecbbe3ace[.]zip

General

Target

44d91bcc9c29ea92d933095d707a0040e39b08d1c52099014d58eceecbbe3ace.zip
Size

6KB
MD5

ac7cb117b8c3533d1783641effde52d8
SHA1

542664a51946fdaafa384a45f61f9625098e15e7
SHA256

0098751fd6bfe3f27303b80ade1d7963c45cb93347583cb7fdd068e633d774a3
SHA512

a47a4017ba83362e93f35a22ab06800ae137900e2437c33207dadeeab9ed64c6c8065e3ede95a838045932741007af6c614115c02dfb95ae2b9935f95a2ae076
SSDEEP

96:cRhHcwhXypHKYZ6jHY3vK5f1MGEfwRJ3xDO1DaVh0bGp4AZylc0c3tLqnJoRF:VwhXtMycynuuBSsVh2Gp49KenJy

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

65.21.119.52:4277

localhost.exchange:4277

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/44d91bcc9c29ea92d933095d707a0040e39b08d1c52099014d58eceecbbe3ace.exe

Files

44d91bcc9c29ea92d933095d707a0040e39b08d1c52099014d58eceecbbe3ace.zip
.zip

Password: infected
44d91bcc9c29ea92d933095d707a0040e39b08d1c52099014d58eceecbbe3ace.exe
.dll windows x64

Password: infected

9d40dd67bb6cfbfeb09c141d693f05f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

wsprintfA

ws2_32

getaddrinfo
closesocket
shutdown
send
setsockopt
freeaddrinfo
recv
WSAIoctl
select
connect
inet_ntoa
inet_addr
htons
ioctlsocket
WSAStartup
socket

advapi32

GetTokenInformation
OpenProcessToken
GetSidSubAuthority

kernel32

WriteFile
SetFilePointer
CreateFileA
VirtualFree
LocalFree
LocalAlloc
GetLocalTime
SetEvent
WaitForSingleObject
ExitThread
CloseHandle
CreateThread
GetVolumeInformationA
VirtualAlloc
SystemTimeToFileTime
Sleep
GetCurrentProcess
FileTimeToSystemTime
CreateEventA

secur32

GetUserNameExA
GetUserNameExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Exports

Exports

rundll

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

9d40dd67bb6cfbfeb09c141d693f05f0

Headers

DLL Characteristics

File Characteristics

Imports

user32

ws2_32

advapi32

kernel32

secur32

ole32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 595B

.pdata Size: 512B - Virtual size: 432B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 595B

.pdata
Size: 512B - Virtual size: 432B