MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c7db61b397a28897ade5d4beaa84af510207cd5ff1b17feb6e82c5f3c2df71e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SystemBC


Vendor detections: 15


Intelligence 15 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c7db61b397a28897ade5d4beaa84af510207cd5ff1b17feb6e82c5f3c2df71e
SHA3-384 hash: 0117981e4dfb0a02b868feddf064b7c300099d08cbcad9c0eae38ac47ab82ba77c714f8e8730b74b0931b96bbd4155be
SHA1 hash: a6d5a4334aa337a5e578292a64e70741b0ae0657
MD5 hash: ffc6e86b94a45cd05eb5b249209970bd
humanhash: autumn-freddie-mountain-stream
File name:SecuriteInfo.com.Trojan.Packed.9434.374
Download: download sample
Signature SystemBC
Create hunting rule
File size:3'045'376 bytes
First seen:2024-09-15 16:27:53 UTC
Last seen:2024-09-25 12:35:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 1e5a4769bafbf8d68687235e0a241fea (1 x SystemBC)
ssdeep 49152:U1AQHSED94jNTvu4OjPlH8h6dd3memJ8UJQ9Od8PATX+8qbyyuF7DiyanYgaxxlW:SAQHSER4jNzcjtchGd3mem94EQH
TLSH T16DE5C0F2CB21165FF8860A79E2040B874568A3708A536859F7D52CED42F69E5C3FD32B
TrID 36.9% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
19.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.4% (.EXE) Win64 Executable (generic) (10523/12/4)
7.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
5.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika pebin
Reporter SecuriteInfoCom
Tags:147-45-44-131 exe SystemBC

Intelligence

File Origin
# of uploads :
2
# of downloads :
383
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
systembc
Create hunting rule
ID:
1
File name:
3c7db61b397a28897ade5d4beaa84af510207cd5ff1b17feb6e82c5f3c2df71e
Verdict:
Malicious activity
Analysis date:
2024-09-15 17:15:40 UTC
Tags:
systembc proxy botnet
Link:
https://app.any.run/tasks/ecec3230-9a85-43ad-81c0-4273865d732a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.Packed.9434.374.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66e70b2471e91b3281b9fd0b
Tags:
Static
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug cerberus fingerprint virus
Link:
https://www.filescan.io/uploads/66e70b1dd2758b8668ba075d/reports/57240da8-7bb6-45a3-aa00-05c318d060b3/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/3c7db61b397a28897ade5d4beaa84af510207cd5ff1b17feb6e82c5f3c2df71e
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/f8893fc7-ab09-47f0-862c-b5be22cfa0af
Result
Threat name:
SystemBC
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1511539
Signature
AI detected suspicious sample
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected SystemBC
Behaviour
Behavior Graph:
Download SVG
Score:
98%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/3c7db61b397a28897ade5d4beaa84af510207cd5ff1b17feb6e82c5f3c2df71e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3c7db61b397a28897ade5d4beaa84af510207cd5ff1b17feb6e82c5f3c2df71e/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-08-28 19:58:52 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
22 of 38 (57.89%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hr63mgzzpiuis6w6lvf6vkck6uica7gv74nrp7vw5awf6pbn64pa._file
Verdict:
malicious
Result
Malware family:
systembc
Create hunting rule
Score:
  10/10
Tags:
family:systembc discovery trojan
Link:
https://tria.ge/reports/240915-tynblatbjp/
Behaviour
System Location Discovery: System Language Discovery
SystemBC
Malware Config
C2 Extraction:
66.85.173.12:443
23.131.216.131:443
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/ae1e480e-f852-4f7e-9fc3-be610c3c82bd
Unpacked files
SH256 hash:
78262fcef8d65c04776b9b6a7042b008f237cf249ae1e6df3e4926ebaab309fe
MD5 hash:
043139598a2f7cd4f1c7fc3ed4f0b827
SHA1 hash:
1aa6742d376229cb90f06042712481646a350b4b
Link:
https://www.unpac.me/results/c3d1e9aa-1d0e-4a1f-8dc7-8126a61e1c86/
SH256 hash:
3c7db61b397a28897ade5d4beaa84af510207cd5ff1b17feb6e82c5f3c2df71e
MD5 hash:
ffc6e86b94a45cd05eb5b249209970bd
SHA1 hash:
a6d5a4334aa337a5e578292a64e70741b0ae0657
Link:
https://www.unpac.me/results/c3d1e9aa-1d0e-4a1f-8dc7-8126a61e1c86/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3c7db61b397a28897ade5d4beaa84af510207cd5ff1b17feb6e82c5f3c2df71e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Cerberus
Create hunting rule
Author:Jean-Philippe Teissier / @Jipe_
Description:Cerberus
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:reverse_http
Create hunting rule
Author:CD_R0M_
Description:Identify strings with http reversed (ptth)
Rule name:test_Malaysia
Create hunting rule
Author:rectifyq
Description:Detects file containing malaysia string
Rule name:unknown_dropper
Create hunting rule
Author:#evilcel3ri
Description:Detects an unknown dropper

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SystemBC

Executable exe 3c7db61b397a28897ade5d4beaa84af510207cd5ff1b17feb6e82c5f3c2df71e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3174372/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
SHELL_APIManipulates System ShellSHELL32.dll::SHGetNewLinkInfo
SHELL32.dll::SHGetNewLinkInfoA
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessA
KERNEL32.dll::CreateThreadpool
WIN_BASE_APIUses Win Base APIKERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetDiskFreeSpaceExA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::ReadConsoleInputExA
KERNEL32.dll::SetConsoleTitleW
KERNEL32.dll::GetConsoleAliasExesW
KERNEL32.dll::GetConsoleFontSize
KERNEL32.dll::GetConsoleOriginalTitleA
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryA
KERNEL32.dll::CreateDirectoryW
SHELL32.dll::SHCreateDirectoryExA
KERNEL32.dll::CreateHardLinkA
KERNEL32.dll::DeleteFileTransactedW
KERNEL32.dll::MoveFileTransactedW
KERNEL32.dll::PrivMoveFileIdentityW

Comments