Behavioral task
behavioral1
Sample
511db1f65525516f10cdb0255316d484b0e11c25b6bc5a6ebcf08a9b2f8c9a1d.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
511db1f65525516f10cdb0255316d484b0e11c25b6bc5a6ebcf08a9b2f8c9a1d.exe
Resource
win10-20230703-en
General
Target: 511db1f65525516f10cdb0255316d484b0e11c25b6bc5a6ebcf08a9b2f8c9a1d
Size: 8KB
MD5: d2c6bccf7c72af5d76d555c7272dded9
SHA1: 2bb01b0a92c6546534e9745f69d16847569942bd
SHA256: 511db1f65525516f10cdb0255316d484b0e11c25b6bc5a6ebcf08a9b2f8c9a1d
SHA512: ad237fd3bf1325502eb5cccadfb125c4795dd2363834c8cbe9b78c9e0abf1211e0105a82ab5d2fda17b07d428a16f8a2f88e360d51baa0a5e3a17a5bd5533b58
SSDEEP: 96:viujWjxtYqRQ3ea4W/E/MM4odWLora0Fy/eKW9ZGcp2xFK+gEjaOoSM:KujWjlQOa4P/ZbdV6eKxFK+dHM
Malware Config
Extracted
systembc
185.106.93.188:4301
194.87.111.29:4301
Signatures
Systembc family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 511db1f65525516f10cdb0255316d484b0e11c25b6bc5a6ebcf08a9b2f8c9a1d
Files
511db1f65525516f10cdb0255316d484b0e11c25b6bc5a6ebcf08a9b2f8c9a1d.exe windows x86
068f6a0fa41d34d8ee888e36c92d5239
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
wsprintfA
UpdateWindow
TranslateMessage
ShowWindow
RegisterClassA
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA
kernel32
GetCommandLineA
WaitForSingleObject
VirtualFree
VirtualAlloc
Sleep
SetEvent
CloseHandle
CreateEventA
CreateMutexA
CreateThread
ExitProcess
GetVolumeInformationA
GetModuleFileNameA
GetModuleHandleA
OpenMutexA
advapi32
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
wsock32
WSAStartup
closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket
ws2_32
freeaddrinfo
WSAIoctl
getaddrinfo
secur32
GetUserNameExA
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 286B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ