Resubmissions

  • 07-05-2024 12:41  240507-pw76rsgb4w  score 10
  • 07-05-2024 12:41  240507-pw69gagb4v  score 10
  • 07-05-2024 12:41  240507-pw13fsag43  score 10
  • 07-05-2024 12:41  240507-pw13fsgb3y  score 10
  • 07-05-2024 12:41  240507-pwr5jsgb2x  score 10
  • 25-04-2024 13:13  240425-qf4zvaba6w  score 10

Analysis

  • max time kernel
    291s
  • max time network
    300s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-05-2024 12:41

General

  • Target

    c04fb7e860702a4c70586b4b15fb2a12a6821bf0a7e4e95dd8759ca1985c7dd6.exe

  • Size

    30KB

  • MD5

    8f1bc2c9a71086445255730d272a3408

  • SHA1

    7ab7a0e541850c5729d495097e0d7901771dc8b9

  • SHA256

    c04fb7e860702a4c70586b4b15fb2a12a6821bf0a7e4e95dd8759ca1985c7dd6

  • SHA512

    3dbfe018e29f014da1f6df132add029ce888d45ed5e22579c060a0a7b32f335433825c2bc41b96ebaafa2830a38bc45caaf656f6d4da67aea7698fc96a1bd6f0

  • SSDEEP

    768:4TwkPr8C6fuFdaAna6DCPt34GuYY92rjnPoJlzcamI1:MV8C6fuFdaz6+O1n2rjnPo7

Score
10/10

Malware Config

Extracted

Family

systembc

C2

pzlkxadvert475.xyz:4044

pzfdmserv275.xyz:4044

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

  • Executes dropped EXE (1 IoC)
  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications (1 TTP)

    Malware can proxy its traffic through Tor for more anonymity.

  • Drops file in Windows directory (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c04fb7e860702a4c70586b4b15fb2a12a6821bf0a7e4e95dd8759ca1985c7dd6.exe
    "C:\Users\Admin\AppData\Local\Temp\c04fb7e860702a4c70586b4b15fb2a12a6821bf0a7e4e95dd8759ca1985c7dd6.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1812
  • C:\ProgramData\avsq\jintvxc.exe
    C:\ProgramData\avsq\jintvxc.exe start
    1⤵
    • Executes dropped EXE
    PID:1596

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\avsq\jintvxc.exe

    Filesize

    30KB

    MD5

    8f1bc2c9a71086445255730d272a3408

    SHA1

    7ab7a0e541850c5729d495097e0d7901771dc8b9

    SHA256

    c04fb7e860702a4c70586b4b15fb2a12a6821bf0a7e4e95dd8759ca1985c7dd6

    SHA512

    3dbfe018e29f014da1f6df132add029ce888d45ed5e22579c060a0a7b32f335433825c2bc41b96ebaafa2830a38bc45caaf656f6d4da67aea7698fc96a1bd6f0