MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08fd0983b9d0d9cd5947e885da8031fdf54d02a89a5d274e1c18bc8967bdde00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SystemBC


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 08fd0983b9d0d9cd5947e885da8031fdf54d02a89a5d274e1c18bc8967bdde00
SHA3-384 hash: 0b10245f0f471458685a5691a4480e27620d59c83df5dfd53c4612cf7053a553f8ca665ecb172b50a679503bdd997931
SHA1 hash: 946769c1930d2d0fc082df5fdfcaeb77e418ea90
MD5 hash: c7823ddbc6ebe2451b7d2dbc43c0fba2
humanhash: alanine-uncle-romeo-double
File name:c7823ddbc6ebe2451b7d2dbc43c0fba2.exe
Download: download sample
Signature SystemBC
Create hunting rule
File size:172'544 bytes
First seen:2020-11-28 10:12:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 146e7fadf37dc1a6aabb0951b715f04e (1 x Glupteba, 1 x SystemBC, 1 x ArkeiStealer)
ssdeep 3072:bdGoswmSVX47FfI6R0d04riXNtzbkY+IIIIqDqdq:5PQSVXEFAcGI/zrd
Threatray 25 similar samples on MalwareBazaar
TLSH 0BF38B2174C1C033D59B183508E1C7B56B3AB8B65B295ACB7BE42B7D4F312E28A36747
Reporter abuse_ch
Tags:exe SystemBC


Avatar
abuse_ch
Unknown payload URL:
http://nstfdmserv275.xyz/atxzx111.exe

SystemBC C2:
23.106.215.30:4044

Intelligence

File Origin
# of uploads :
1
# of downloads :
228
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/105891/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Creating a file
Creating a process from a recently created file
Creating a process with a hidden window
DNS request
Sending a custom TCP request
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/550008
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Machine Learning detection for sample
May use the Tor software to hide its network traffic
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/08fd0983b9d0d9cd5947e885da8031fdf54d02a89a5d274e1c18bc8967bdde00/
Threat name:
Win32.Trojan.Ranumbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-24 21:48:28 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bd6qta5z2dm42wkh5cc5vabr7x2u2avitjosotq4dc6isz553yaa._file
Verdict:
malicious
Similar samples:
318e0bd67ccbf40f50b848831fb2885b161e68acdfaaa0c619c79b3912af2ecd
SystemBC
63e7464225916f05a6dc4576721fae7a3a449fdab81072f28ba9a4bf5e9a54f9
SystemBC
8ceee34b010701c3745db2e9868c68902440d951d7c2dbe383ee2c25d5aa20dc
SystemBC
91647ac947d5d5d3a0dc69e98070bfc2f9841d7839b579d69c524b02869a497f
SystemBC
9e5f370201251e8dc138678f8e0d4f0bdd75e1353edcc77d41c8401621c2c671
SystemBC
d0c19e8c1317c52d421450e5605061b620d2b301d8e1a9811db6615c4d56b89f
SystemBC
dba174d5ff22c6f4b3969a5dfd3dd66026a4f60d6ec73f5105c312f66ec2a6af
SystemBC
e7174b9891b41bf0459fd6fe3f6ab5c63aa5ab4883b02d32325dd19f6d1ed71f
SystemBC
e86c00bb96428b8c113169da2c996f457ed22467c5ad998e87bb48b65e98ab36
SystemBC
f0562d49226fc4776a7991b14f43b2c7a572ae276adef3d3dc3678b8b0894401
SystemBC
+ 15 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201128-9dlg8wbnlj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Executes dropped EXE
Unpacked files
SH256 hash:
60fef0b74db9562cfb9a906716975a8534d97b493911a939a40b69b1969ca0d3
MD5 hash:
e07af3db58067875967cf8817ab08378
SHA1 hash:
2a72e308dbf6a68f9d19013ee0f55d7183a9d3ff
Detections:
win_systembc_g0
Create hunting rule
win_systembc_auto
Create hunting rule
Link:
https://www.unpac.me/results/6b5f6404-543d-4407-8603-f6791f2208c2/
Parent samples :
d0c19e8c1317c52d421450e5605061b620d2b301d8e1a9811db6615c4d56b89f
08fd0983b9d0d9cd5947e885da8031fdf54d02a89a5d274e1c18bc8967bdde00
d896fea673941330bf9b4aca5ad7bd1b5e12d3768bfaea9521c843ac1324c629
36a101b5a13436dd67e2b33c2abbae7cdd86a7ed951185a1914c12685339ad74
fb45af7bb8ffdcddaaec2a9e88968fbcb82eaedbdf1c16a7e9ac861906a07e23
SH256 hash:
08fd0983b9d0d9cd5947e885da8031fdf54d02a89a5d274e1c18bc8967bdde00
MD5 hash:
c7823ddbc6ebe2451b7d2dbc43c0fba2
SHA1 hash:
946769c1930d2d0fc082df5fdfcaeb77e418ea90
Link:
https://www.unpac.me/results/6b5f6404-543d-4407-8603-f6791f2208c2/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_systembc_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
URLhaus
https://urlhaus.abuse.ch/url/863078/
Cape
Cape
https://www.capesandbox.com/analysis/105891/

Comments