systembc | ec7154a50488ecfd5936b6fd10e0a8e3[.]bin | Triage

Sharing

General

Target

ec7154a50488ecfd5936b6fd10e0a8e3.bin
Size

3KB
MD5

85d157d6c87e0e9dcbe8ef90f49e104b
SHA1

f970e3e7de900b086963c166d724710389aad305
SHA256

c9022df11001d084ab34db8210e95cbd7fddeae44735cd8ff2a081d43cb583c9
SHA512

b2180e8eed123bf0d85b31700a618682ce497cec859b8b6d40bd98dabd9ffd069fa972e7dfcf1a17fbb473c56efef5283f91c47b9e2a2128043869d8a1a692f3

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

193.233.132.56:4341

193.233.132.139:4341

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/05135a36e3f36578a55ec1a8d0e3628a4f8912bf3c65f865cf793b58db27f357.exe

Files

ec7154a50488ecfd5936b6fd10e0a8e3.bin
.zip

Password: infected
05135a36e3f36578a55ec1a8d0e3628a4f8912bf3c65f865cf793b58db27f357.exe
.exe windows:4 windows x86 arch:x86

Password: infected

a7f2be9d198a373f121c5bf0d47787e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

CreateThread
ExitProcess
GetModuleFileNameA
GetVolumeInformationA
CreateEventA
LocalFree
CloseHandle
Sleep
VirtualAlloc
VirtualFree
WaitForSingleObject
LocalAlloc
SetEvent

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

wsock32

WSAStartup
closesocket
connect
htons
inet_addr
inet_ntoa
ioctlsocket
recv
select
send
setsockopt
shutdown
socket

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

secur32

GetUserNameExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ