MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 120fa0aa63598735bd316759edc1de341d089f391adf67b356039f1e706655e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SystemBC


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 120fa0aa63598735bd316759edc1de341d089f391adf67b356039f1e706655e7
SHA3-384 hash: 8721b2923fe7caa06b412fd173fef66a222bdf5e0c63f055cebae95f3fa06078af43ff5d36fc3ad60ea3161a2055e1a3
SHA1 hash: 19e127533f8b6ab97cad19c6e5e66c33d092360a
MD5 hash: 8ed5f474476b8ac49a1ba0ac9222feae
humanhash: november-lactose-ohio-kentucky
File name:nv.exe
Download: download sample
Signature SystemBC
Create hunting rule
File size:3'244'032 bytes
First seen:2021-08-12 14:24:45 UTC
Last seen:2021-08-16 11:02:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 44237cdd4424ea55c5c96b9ac4c11268 (1 x SystemBC, 1 x ParallaxRAT)
ssdeep 24576:hbQ9TxD/areLtr0CboOCxJJgK9MNjDS5BYS7EY7EomsVjB1CxY4W3TGmsDA2hTE4:ZwFa6xRMO/S5iS40B1GY4W3vsDPTEx2
Threatray 3'752 similar samples on MalwareBazaar
TLSH T12FE55C137248A43FC55B573A4477AA5C8C3B6660A987AC165BF10C4CDF353C22E3A6BB
dhash icon 8eb2c096b080c28c (8 x CoinMiner, 2 x Downloader.Upatre, 1 x SystemBC)
Reporter dor0n
Tags:exe SystemBC

Intelligence

File Origin
# of uploads :
7
# of downloads :
217
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
nv.exe
Verdict:
Malicious activity
Analysis date:
2021-08-12 13:48:12 UTC
Tags:
installer
Link:
https://app.any.run/tasks/b84f4cbb-e5a3-432d-a842-771e5805938f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/178769/
Detection(s):
PUA.Win.Adware.Dealply-6888374-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
SystemBC
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/26e0df97-8925-43c6-806f-b8b37485511b
Result
Threat name:
SystemBC
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/831850
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (creates a PE file in dynamic memory)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
Tries to detect virtualization through RDTSC time measurements
Yara detected SystemBC
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/120fa0aa63598735bd316759edc1de341d089f391adf67b356039f1e706655e7/
Threat name:
Win32.Backdoor.ParallaxRat
Create hunting rule
Status:
Malicious
First seen:
2021-08-12 14:25:06 UTC
File Type:
PE (Exe)
Extracted files:
68
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
173240b443fdb5cc7ed97cf6eedeb0d823924df3dab6d468c9da2898443f3ac6
SystemBC
2793bbaba9d12a4a740b6c957143367ce1fb13bb98ecb122e2cb41728bed525e
SystemBC
2e3b767101904dd4352ece4ac162a9253edc02609db93ef70801e3a6fe1268f4
SystemBC
2fbf6c5454bb88073ecbc13b293375ec58a9f8636c188881ffd7a3573f3c1cac
SystemBC
69fac4fe77b6da550498724f01e6db66d5c18a19c185d824bf62afdaccb0a7d6
SystemBC
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
SystemBC
8fa3eaa46c7d8d1f44a2eeca895f802f2aa7a2251bab347ccb765c72d63ccb58
SystemBC
9f1c935d143a59d2429f2681007c61ee07504302e5798d7abdb9a5d44d90e13b
SystemBC
9f3805a821c12122b67395c50e390d35c70e83d5b82a6e5741e56c0087960a60
SystemBC
dab48eb20191f37e19aed12dc58640ab40957cec26dc3fa63a88f70decbd875c
SystemBC
+ 3'742 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210812-e1am4cweya/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
1676afbf0c1cccd85e023dedb27d2c2ee5a716f0c97f81e5ca523a9a5f657474
MD5 hash:
d54c31a0764a43f1f020e3e09518b20d
SHA1 hash:
a53d8ba49462f7a653382c3e05af211bf8f70eb6
Detections:
win_systembc_auto
Create hunting rule
Link:
https://www.unpac.me/results/7cf2187d-b360-4a5f-8edf-bfade1657240/
SH256 hash:
120fa0aa63598735bd316759edc1de341d089f391adf67b356039f1e706655e7
MD5 hash:
8ed5f474476b8ac49a1ba0ac9222feae
SHA1 hash:
19e127533f8b6ab97cad19c6e5e66c33d092360a
Link:
https://www.unpac.me/results/7cf2187d-b360-4a5f-8edf-bfade1657240/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/120fa0aa63598735bd316759edc1de341d089f391adf67b356039f1e706655e7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/178769/

Comments