systembc | 28f56a4af5c1db4281cd5a100f431437ff319c0f1924f60e28026e9a0da5e654 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28f56a4af5c1db4281cd5a100f431437ff319c0f1924f60e28026e9a0da5e654
Size

10KB
MD5

bef5fcc6c77bfe8eddd46da6abc2c4e2
SHA1

c85fe3c5bb4e5b1a81b092fe9f64c5c9a8bf572f
SHA256

28f56a4af5c1db4281cd5a100f431437ff319c0f1924f60e28026e9a0da5e654
SHA512

091f6f3ef526c9bc948b913277dbc51367eddd7094bb7ff30ae216737f862a23a00e970b376e484170064a98e5db0c9fc4516e50d32eeb76e9043807c4f0fde2
SSDEEP

192:yujSglecgv2dZP7LHJ9d8LtZDCrOEhXCOKyshDD:yujSg9J7LH+1ExsFD

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

173.46.80.169:445

127.0.0.1:445

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28f56a4af5c1db4281cd5a100f431437ff319c0f1924f60e28026e9a0da5e654

Files

28f56a4af5c1db4281cd5a100f431437ff319c0f1924f60e28026e9a0da5e654
.dll windows:5 windows x64 arch:x64

6ee439768acc5857f7c914bde918ee17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

inet_addr
inet_ntoa
freeaddrinfo
getaddrinfo
closesocket
shutdown
send
setsockopt
socket
recv
WSAIoctl
select
connect
ioctlsocket
htons
WSAStartup

kernel32

CreateThread
VirtualFree
SetEvent
WaitForSingleObject
ExitThread
CloseHandle
Sleep
LocalAlloc
GetVolumeInformationA
VirtualAlloc
CreateEventA
LocalFree

secur32

GetUserNameExA

Exports

Exports

rundll

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ