systembc | 05135a36e3f36578a55ec1a8d0e3628a4f8912bf3c65f865cf793b58db27f357 | Triage

Sharing

General

Target

05135a36e3f36578a55ec1a8d0e3628a4f8912bf3c65f865cf793b58db27f357
Size

7KB
MD5

ec7154a50488ecfd5936b6fd10e0a8e3
SHA1

ee0b1d0fe9fb24ccff75c934d5988fb0d2ff1a92
SHA256

05135a36e3f36578a55ec1a8d0e3628a4f8912bf3c65f865cf793b58db27f357
SHA512

f2eda862ec56a57832f6b99452f5dc6a8978dbde4431fecf4baa4d4778296f010077806084fa17748894844bf46f1e64efa232cad67052a3610b515d605e2c3d
SSDEEP

96:1y1jUdvqRWXKB1Jww9uKT2MjQcHnjKVOIw+6dT8CKB8tBkLOq:gtKSREKB1aFKjKVV8ToUBk

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

193.233.132.56:4341

193.233.132.139:4341

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05135a36e3f36578a55ec1a8d0e3628a4f8912bf3c65f865cf793b58db27f357

Files

05135a36e3f36578a55ec1a8d0e3628a4f8912bf3c65f865cf793b58db27f357
.exe windows:4 windows x86 arch:x86

a7f2be9d198a373f121c5bf0d47787e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

CreateThread
ExitProcess
GetModuleFileNameA
GetVolumeInformationA
CreateEventA
LocalFree
CloseHandle
Sleep
VirtualAlloc
VirtualFree
WaitForSingleObject
LocalAlloc
SetEvent

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

wsock32

WSAStartup
closesocket
connect
htons
inet_addr
inet_ntoa
ioctlsocket
recv
select
send
setsockopt
shutdown
socket

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

secur32

GetUserNameExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ