MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 053d07f500929021520598933b0dae9dd0cc2d50b9be37318a2b98d6b30fa6d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SystemBC

Vendor detections: 9

Intelligence 9 IOCs YARA 3 File information Comments

SHA256 hash:	053d07f500929021520598933b0dae9dd0cc2d50b9be37318a2b98d6b30fa6d2
SHA3-384 hash:	7be9723b623abbc66663b876684823d92a86d5ef73c94d1865f3bee3c4941808683737249e89a54a06748628c274639f
SHA1 hash:	7ce56ccbe55ee19d87eee124888601f971e026eb
MD5 hash:	98abfc26a4dff61818faba1a24a0bc82
humanhash:	utah-happy-hydrogen-coffee
File name:	98abfc26a4dff61818faba1a24a0bc82.exe
Download:	download sample
Signature	SystemBC Create hunting rule
File size:	1'833'984 bytes
First seen:	2022-10-10 14:11:45 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d8761a1f54b24cb5e90225a4de0f3bda (1 x RedLineStealer, 1 x SystemBC)
ssdeep	24576:tBrRV7ILkxsWamWZkihMuOk6y2CwLLN6WbSt6opOCk1MNn5rbCNQm5D:tBrb7gkGOk6y2PtgzOun5SNQm5
TLSH	T15E8522F06EA48B7BC81E7171BDF5422BC6ABD10579C71A239365698DCEA01C1D63F8C2
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	70f8bcf8f8f2f070 (1 x SystemBC)
Reporter	abuse_ch
Tags:	exe SystemBC

Intelligence

File Origin

# of uploads :

# of downloads :

212

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/318464/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.62649509.6242.17.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

DNS request

Sending a custom TCP request

Creating a file

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/634428330aa036a7dfcdca93/reports/06a87f8e-6edf-417e-a48e-c88846f4a5c9/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/4437718e-7d71-43e1-bec1-fa2bd9b0d87f

Result

Threat name:

SystemBC

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1087207

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/053d07f500929021520598933b0dae9dd0cc2d50b9be37318a2b98d6b30fa6d2/

Threat name:

Win32.Trojan.Tiggre

Status:

Malicious

First seen:

2022-10-09 20:35:38 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 26 (80.77%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=au6qp5iaskiccuqftcjtwdnotximylkqxg7dommkfomnnmypu3ja._file

Verdict:

malicious

Result

Malware family:

systembc

Score:

10/10

Tags:

family:systembc trojan

Link:

https://tria.ge/reports/221010-rhvdvscah2/

Behaviour

Creates scheduled task(s)

Runs ping.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Deletes itself

Loads dropped DLL

Executes dropped EXE

SystemBC

Malware Config

C2 Extraction:

89.22.225.242:4193
195.2.93.22:4193

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/1c437441-5059-4bf7-a6e9-4495f6e176fc

Unpacked files

SH256 hash:

1095d8c893b8f1bebeb86bd25984a0155125f567287b18e1852955349db7b8d2

MD5 hash:

a61b7e4da7b8cb34a38103ba37955cfb

SHA1 hash:

dd53f615f59f56dd658344bb19af3907b5fa149b

Link:

https://www.unpac.me/results/39e06595-7672-43ce-912d-e58fa2a9a18f/

SH256 hash:

053d07f500929021520598933b0dae9dd0cc2d50b9be37318a2b98d6b30fa6d2

MD5 hash:

98abfc26a4dff61818faba1a24a0bc82

SHA1 hash:

7ce56ccbe55ee19d87eee124888601f971e026eb

Link:

https://www.unpac.me/results/39e06595-7672-43ce-912d-e58fa2a9a18f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/053d07f500929021520598933b0dae9dd0cc2d50b9be37318a2b98d6b30fa6d2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	malware_shellcode_hash Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	detect shellcode api hash value

Rule name:	meth_get_eip Create hunting rule
Author:	Willi Ballenthin

Rule name:	pdb_YARAify Create hunting rule
Author:	@wowabiy314
Description:	PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/318464/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample