systembc | 111cc14cd4d6e43d11cd1bef261e75313c9f7f9528abf6dc0f98878cc14b189a

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2023 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

111cc14cd4d6e43d11cd1bef261e75313c9f7f9528abf6dc0f98878cc14b189a.exe
Size

274KB
MD5

0ec87a33cee1594c1808267bc677d827
SHA1

1e078fb607d12ccdd11da03f9503ca64cb9fde32
SHA256

111cc14cd4d6e43d11cd1bef261e75313c9f7f9528abf6dc0f98878cc14b189a
SHA512

03613e2615d47701893e784f39a82fdcb8d30f563d65f3f890d73e0ccfd07a38cbcd2e8976cabc64478880b03cf3c334e4712f6c20ed25f2c562ea942abf4551
SSDEEP

3072:j9YfGqbMAKL6H47ECDRbiyINNvXffbWESrHrDA6tKvbpeDb:JFMMQHsEkba5bWESjtKvFk

Score

10^/10

systembc persistence trojan

Malware Config

Extracted

Family

systembc

discordcdn8839248.com:4327

chinabar821994.com:4327

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

111cc14cd4d6e43d11cd1bef261e75313c9f7f9528abf6dc0f98878cc14b189a.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\socks5 = "powershell.exe -windowstyle hidden -Command \"& 'C:\\Users\\Admin\\AppData\\Local\\Temp\\111cc14cd4d6e43d11cd1bef261e75313c9f7f9528abf6dc0f98878cc14b189a.exe'\""	111cc14cd4d6e43d11cd1bef261e75313c9f7f9528abf6dc0f98878cc14b189a.exe

C:\Users\Admin\AppData\Local\Temp\111cc14cd4d6e43d11cd1bef261e75313c9f7f9528abf6dc0f98878cc14b189a.exe
"C:\Users\Admin\AppData\Local\Temp\111cc14cd4d6e43d11cd1bef261e75313c9f7f9528abf6dc0f98878cc14b189a.exe"
1⤵
- Adds Run key to start application
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4120-134-0x0000000002540000-0x0000000002640000-memory.dmp

Filesize
1024KB

Download
memory/4120-135-0x0000000003EF0000-0x0000000003EF5000-memory.dmp

Filesize
20KB

Download
memory/4120-136-0x0000000000400000-0x00000000022EB000-memory.dmp

Filesize
30.9MB

Download
memory/4120-137-0x0000000002540000-0x0000000002640000-memory.dmp

Filesize
1024KB

Download
memory/4120-139-0x0000000003EF0000-0x0000000003EF5000-memory.dmp

Filesize
20KB

Download