systembc | 07102023_1339_samples_part02[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

07102023_1339_samples_part02.zip
Size

721KB
MD5

a2aeedf66d4376a650e43ec433ae0603
SHA1

f617fcb55eccacf0adf74c54dcb4242dd8f2bab3
SHA256

78fe8170a4e49d83abb8118865f341aa7bf307b6e99f7728b42537161d7df4c4
SHA512

4d8f120249ec3d69a5fd46cb39d2266d220fe49ddfad70f9aa425e765519ff057d9d891fad67c361781ccf95267f18ffbd04ac8a497fa3dbdb3333edd0362f39
SSDEEP

12288:obPRbiI+qiRGHfh3IPbS98JVMZ68vffewWRREsy218ITcAIOge8wJpZjL2foUZea:wPRbiI+qiRA3Iu98JKln2wWU2doFOn8t

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

95.179.146.128:443

146.70.53.169:443

45.77.115.67:443

192.168.1.28:443

93.115.25.41:443

Signatures

Systembc family
systembc

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/644e21c9a81080a0a6549adb2288147c2e73008213ce1061cb192fff1c3f8435.bin
unpack001/6fe218dea5435f56596a29a9d68614b9d4eb7615bb216897cced2d1aec586431.bin
unpack001/853e856969c53d159ac3c36ef58bf39c92b4fe4d7d27a62d04e3d39e7e8d4608.bin
unpack001/859ad779718a6f32b24f77fead92a93f447b72a0d2448680352e35803758038d.bin
unpack001/926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732.bin

Files

07102023_1339_samples_part02.zip
.zip
644e21c9a81080a0a6549adb2288147c2e73008213ce1061cb192fff1c3f8435.bin
.exe windows:4 windows x86

801793b2be29822524e8824fc3c47535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
RegisterClassA
LoadIconA
LoadCursorA
GetWindowThreadProcessId
ShowWindow
GetMessageA
TranslateMessage
UpdateWindow
wsprintfA
GetClassNameA
EnumWindows
CreateWindowExA
DispatchMessageA
DefWindowProcA
GetWindowTextA

kernel32

LocalAlloc
OpenProcess
SetEvent
LocalFree
OpenMutexA
GetModuleHandleA
WriteFile
WaitForSingleObject
VirtualFree
VirtualAlloc
SystemTimeToFileTime
Sleep
CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeleteFileA
ExitProcess
FileTimeToSystemTime
GetCommandLineA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetLocalTime
GetModuleFileNameA
GetVolumeInformationA
GetProcAddress
GetTempPathA
SetFilePointer

advapi32

GetSidSubAuthority
OpenProcessToken
GetTokenInformation

wsock32

WSAStartup
closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket
WSACleanup

shell32

CommandLineToArgvW

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

ole32

CoUninitialize
CoInitialize
CoCreateInstance

secur32

GetUserNameExA
GetUserNameExW

psapi

GetModuleFileNameExA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6fe218dea5435f56596a29a9d68614b9d4eb7615bb216897cced2d1aec586431.bin
.exe windows:5 windows x86

ebd9fa475638eafc424b8bc2eb84d2e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesA
ReadFile
ReadConsoleW
GetVolumeInformationA
GetComputerNameW
LocalFree
InterlockedDecrement
GetSystemTimeAdjustment
SetLocaleInfoW
FindNextVolumeA
FindNextChangeNotification
CopyFileExA
MoveFileWithProgressA
VerifyVersionInfoA
LocalSize
FileTimeToDosDateTime
DebugBreak
GlobalGetAtomNameA
IsBadWritePtr
FindResourceW
GetComputerNameExA
GetProcAddress
GetStringTypeW
GetFileTime
GetConsoleAliasesLengthW
DeleteVolumeMountPointA
GetOEMCP
GetQueuedCompletionStatus
CopyFileW
InterlockedPushEntrySList
WriteConsoleA
GetBinaryTypeW
WriteConsoleOutputA
GetCommandLineA
VerifyVersionInfoW
CreateActCtxA
FormatMessageW
GetModuleHandleA
EnterCriticalSection
GetComputerNameA
GetStringTypeExW
OpenMutexW
LocalFlags
RtlCaptureContext
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetPrivateProfileStructA
DeleteFiber
InterlockedExchangeAdd
EnumDateFormatsW
InterlockedIncrement
GetNamedPipeHandleStateW
RegisterWaitForSingleObject
LocalAlloc
QueryMemoryResourceNotification
SetLastError
SetFilePointer
lstrcpynW
LoadLibraryA
RaiseException
RtlUnwind
GetLastError
MoveFileA
DeleteFileA
GetStartupInfoW
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
GetCPInfo
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW

user32

CharUpperBuffA

advapi32

RevertToSelf

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
853e856969c53d159ac3c36ef58bf39c92b4fe4d7d27a62d04e3d39e7e8d4608.bin
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 487KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
859ad779718a6f32b24f77fead92a93f447b72a0d2448680352e35803758038d.bin
.dll windows:4 windows x86

e5153bc984f5f5e1981ab2ad851c76c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UpdateWindow
TranslateMessage
ShowWindow
RegisterClassA
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA

kernel32

CloseHandle
WaitForSingleObject
VirtualFree
VirtualAlloc
Sleep
SetEvent
GetVolumeInformationA
GetModuleHandleA
ExitThread
CreateThread
CreateEventA

wsock32

closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket
WSAStartup

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

secur32

GetUserNameExA

Exports

Exports

rundll

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732.bin
.dll windows:4 windows x86

955e18b51696d87de29a0e236ef97943

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateThread
ExitThread
GetVolumeInformationA
SetEvent
Sleep
VirtualAlloc
VirtualFree
WaitForSingleObject

wsock32

WSAStartup
closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

secur32

GetUserNameExA

Exports

Exports

rundll

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 789B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

801793b2be29822524e8824fc3c47535

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

shell32

ws2_32

ole32

secur32

psapi

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 576B

.reloc Size: 512B - Virtual size: 386B

ebd9fa475638eafc424b8bc2eb84d2e7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 54KB - Virtual size: 54KB

.data Size: 70KB - Virtual size: 1.4MB

.rsrc Size: 19KB - Virtual size: 19KB

Headers

File Characteristics

Sections

CODE Size: 367KB - Virtual size: 366KB

DATA Size: 6KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 28KB - Virtual size: 27KB

.rsrc Size: 487KB - Virtual size: 487KB

e5153bc984f5f5e1981ab2ad851c76c5

Headers

File Characteristics

Imports

user32

kernel32

wsock32

ws2_32

secur32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 200B

.reloc Size: 512B - Virtual size: 242B

955e18b51696d87de29a0e236ef97943

Headers

File Characteristics

Imports

kernel32

wsock32

ws2_32

secur32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 789B

.data Size: 512B - Virtual size: 180B

.reloc Size: 512B - Virtual size: 202B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 576B

.reloc
Size: 512B - Virtual size: 386B

.text
Size: 54KB - Virtual size: 54KB

.data
Size: 70KB - Virtual size: 1.4MB

.rsrc
Size: 19KB - Virtual size: 19KB

CODE
Size: 367KB - Virtual size: 366KB

DATA
Size: 6KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 487KB - Virtual size: 487KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 200B

.reloc
Size: 512B - Virtual size: 242B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 789B

.data
Size: 512B - Virtual size: 180B

.reloc
Size: 512B - Virtual size: 202B