systembc | VmManagedSetup[.]exe | Triage

Sharing

General

Target

VmManagedSetup.exe
Size

16KB
MD5

7ee103ee99b95c07cc4a024e4d0fdc03
SHA1

885fc76ba1261a1dcce87f183a2385b2b99afd96
SHA256

cc4960939a41d6a281ddad307b107e16214f4aeda261c9b5037f26e60dc7bba2
SHA512

ad3189d8ba4be578b13b81d50d1bd361f30fc001ebe27d365483858b3d78db38b6b54c1464f816b589c01407674ffcaae96d34b923ec15d0808cfed2bfa8ce21
SSDEEP

384:TWqH7LUQNe0YeoH9R7rkJApmiiT7AemssVnQgJmd:TW6LUQNeresznN8MsCntM

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

94.198.55.181:4337

94.198.51.247:4337

Signatures

Systembc family
systembc
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

VmManagedSetup.exe

Files

VmManagedSetup.exe
.exe windows:5 windows x64 arch:x64

18f62dfc818367ab05a2e7444bf7f15f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

wsprintfA

ws2_32

closesocket
shutdown
send
WSAIoctl
recv
accept
listen
getaddrinfo
ioctlsocket
connect
setsockopt
bind
htons
htonl
freeaddrinfo
inet_ntoa
inet_addr
socket
WSAStartup
select

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegDeleteValueA

kernel32

VirtualFree
GetCurrentProcess
SetEvent
WaitForSingleObject
CloseHandle
LocalAlloc
CreateFileA
GetVolumeInformationA
VirtualAlloc
CreateEventA
LocalFree
ExitProcess
Sleep
FileTimeToSystemTime
SetFilePointer
WriteFile
GetModuleFileNameA
CreateThread
GetLocalTime
GetTempPathA
SystemTimeToFileTime

secur32

GetUserNameExA
GetUserNameExW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 501B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ