systembc | b852c6b65b2f703b902ed3e84e1c0450N[.]exe | Triage

Sharing

General

Target

b852c6b65b2f703b902ed3e84e1c0450N.exe
Size

6KB
MD5

b852c6b65b2f703b902ed3e84e1c0450
SHA1

d99fe58c3454e2550e7c7ac297d8ea4d037d8344
SHA256

05b5c2d4f368f9a759f75b1289cefe20eb35ba2daaa63d83be47def061ceeb79
SHA512

de5c621dfb77cc95211e53536465c98a51fe4d0fc7c8607e4db79c5b678e506c657abd27d7e81e2eb1c9b567c1e1aae196138181f2a3188d1903f99169341059
SSDEEP

96:rgTv8DAi8ltwh2yVm3FB3nIN/+lYRwVApB5V:AMAiJVKKDR6a5

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

159.100.17.148:110

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
b852c6b65b2f703b902ed3e84e1c0450N.exe

Files

b852c6b65b2f703b902ed3e84e1c0450N.exe
.dll windows:4 windows x86 arch:x86

579819c401d1574986716694de64006d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateThread
ExitProcess
GetVolumeInformationA
LocalAlloc
LocalFree
SetEvent
Sleep
VirtualAlloc
VirtualFree
WaitForSingleObject

wsock32

WSAStartup
closesocket
htons
inet_addr
inet_ntoa
ioctlsocket
recv
select
send
setsockopt
shutdown
socket
connect

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

secur32

GetUserNameExA

Exports

Exports

rundll

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 885B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ