MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3acc979360b4496d3557182148b005a36f5334ea1b7efc42095c85aa0bf64372. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SystemBC


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3acc979360b4496d3557182148b005a36f5334ea1b7efc42095c85aa0bf64372
SHA3-384 hash: 8dcfafd7d6c5bfe64bca4ddb7c22ed43d7b1fadcd5254f929227d2da2a492038ec9ccac150d26d38e627bf5471bc04a1
SHA1 hash: b9b4c756949a038e87f4efd3569ba12c41a8e810
MD5 hash: 2f781ea76036a17bbd0c0f63be7cff12
humanhash: alanine-angel-echo-queen
File name:2f781ea76036a17bbd0c0f63be7cff12.dll
Download: download sample
Signature SystemBC
Create hunting rule
File size:6'665'944 bytes
First seen:2022-12-24 08:16:50 UTC
Last seen:2022-12-24 09:37:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e2e4415c6d4a94ce92530fdd116ee161 (1 x SystemBC)
ssdeep 98304:/B853MGVQj4NoTQPxpl8SDI79SIcEj2gLmtGFG4nFDwAEtPqJkqdw6bDQ/:pIcGKeDxplo9F5LBFpMtiJkk8
Threatray 9 similar samples on MalwareBazaar
TLSH T1326623FD2248376CC45B88746433ED0AB2F6121F4BECD97E35CAB9C17BB6811A216B45
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter abuse_ch
Tags:dll exe signed SystemBC

Code Signing Certificate

Organisation:www.carboxyl.com
Issuer:www.carboxyl.com
Algorithm:sha256WithRSAEncryption
Valid from:2022-12-21T00:34:15Z
Valid to:2023-12-21T00:54:15Z
Serial number: 7e15529a23d362884c21834b5088cd98
Thumbprint Algorithm:SHA256
Thumbprint: 21fbfeda269a342e5a65180c8a205c0fdbb5c923e47d16b2a231cc1263e2a8ad
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
217
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
systembc
Create hunting rule
ID:
1
File name:
2f781ea76036a17bbd0c0f63be7cff12.dll
Verdict:
Malicious activity
Analysis date:
2022-12-24 08:18:34 UTC
Tags:
systembc
Link:
https://app.any.run/tasks/fd53a7ab-d6ba-4992-adae-7d4185bcdb7e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.64447199.2053.25114.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/63a6b580898959f356c5a8c7/reports/935ad607-0b81-4261-bfa9-2facaf59bfd6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/cfd09546-0554-422c-8e96-bd5744ed0db5
Result
Threat name:
SystemBC
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1140367
Signature
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
System process connects to network (likely due to code injection or exploit)
Tries to detect debuggers (CloseHandle check)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Yara detected SystemBC
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 773097 Sample: dYXFiGzywR.exe Startdate: 24/12/2022 Architecture: WINDOWS Score: 96 25 Malicious sample detected (through community Yara rule) 2->25 27 Multi AV Scanner detection for submitted file 2->27 29 Yara detected SystemBC 2->29 31 C2 URLs / IPs found in malware configuration 2->31 7 loaddll64.exe 1 2->7         started        process3 signatures4 39 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 7->39 41 Tries to evade analysis by execution special instruction (VM detection) 7->41 43 Tries to detect debuggers (CloseHandle check) 7->43 45 2 other signatures 7->45 10 rundll32.exe 7->10         started        13 rundll32.exe 7->13         started        15 cmd.exe 1 7->15         started        17 conhost.exe 7->17         started        process5 signatures6 47 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 10->47 49 Tries to detect debuggers (CloseHandle check) 10->49 51 Tries to detect virtualization through RDTSC time measurements 10->51 53 System process connects to network (likely due to code injection or exploit) 13->53 55 Hides threads from debuggers 13->55 19 rundll32.exe 15->19         started        process7 dnsIp8 23 89.22.236.225, 4193, 49714, 49715 INETLTDTR Russian Federation 19->23 33 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 19->33 35 Tries to detect debuggers (CloseHandle check) 19->35 37 Hides threads from debuggers 19->37 signatures9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3acc979360b4496d3557182148b005a36f5334ea1b7efc42095c85aa0bf64372/
Threat name:
Win64.Trojan.Sybici
Create hunting rule
Status:
Malicious
First seen:
2022-12-24 00:59:34 UTC
File Type:
PE+ (Dll)
AV detection:
14 of 26 (53.85%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hlgjpe3awrew2nkxdaqurmafunxvgnhkdn7pyqqjlsc2uc7winza._file
Verdict:
malicious
Similar samples:
13d8b891a0f9c00af8c624a5bfd24f42d15fba3e19225d29b9af39cd9f8cea03
SystemBC
77cda0e40715ba31b558029eb58ca2684a265d684d23aa6993ce1faee2534842
SystemBC
9922432bfa7768bdfb6e8b079c90744c9f3d33a5a258a97abc8519f81a680e40
SystemBC
c1bf213d08c31ff5e897cf21a65a6140474c100bc16e10306a689529d8cb5570
SystemBC
c5d12c33011196ad0c414a2abf791b5f3d33c94b7aa1fc68de097ffb77519aff
SystemBC
ec0fc7c5cd56c65fa1f3abf388d318eb1a8fc2cc7a9de0799ab8b51db54d4361
SystemBC
Result
Malware family:
systembc
Create hunting rule
Score:
  10/10
Tags:
family:systembc trojan
Link:
https://tria.ge/reports/221224-j6qftahg43/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of NtSetInformationThreadHideFromDebugger
Blocklisted process makes network request
SystemBC
Malware Config
C2 Extraction:
89.22.236.225:4193
176.124.205.5:4193
Unpacked files
SH256 hash:
3acc979360b4496d3557182148b005a36f5334ea1b7efc42095c85aa0bf64372
MD5 hash:
2f781ea76036a17bbd0c0f63be7cff12
SHA1 hash:
b9b4c756949a038e87f4efd3569ba12c41a8e810
Link:
https://www.unpac.me/results/cfeb1649-d173-4645-8251-dc9f0e306fa1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.11
Link:
https://yomi.yoroi.company/submissions/3acc979360b4496d3557182148b005a36f5334ea1b7efc42095c85aa0bf64372

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SystemBC

Executable exe 3acc979360b4496d3557182148b005a36f5334ea1b7efc42095c85aa0bf64372

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2484909/
  
Delivery method
Distributed via web download

Comments