MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f8fd85bcb3dbb5d82d3194a2ac9742a8f0696685b69d425b1384d29e2260bf3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SystemBC

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	4f8fd85bcb3dbb5d82d3194a2ac9742a8f0696685b69d425b1384d29e2260bf3
SHA3-384 hash:	8258dd6c89aac0f0afcec54331fc061c2a158f5f42d80abf87bf14e2e1fdead57e6cdbca7ad874dcd844fa402a3cf95f
SHA1 hash:	478e292f63cacdc9d43e095ce5ef7a3accb68cde
MD5 hash:	c28c72944827aecc6e64211f91d082cd
humanhash:	georgia-salami-purple-speaker
File name:	c28c72944827aecc6e64211f91d082cd.exe
Download:	download sample
Signature	SystemBC Create hunting rule
File size:	2'082'904 bytes
First seen:	2022-02-03 08:52:35 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	872b100893e71f42afaaaf7ec1213694 (1 x SystemBC)
ssdeep	49152:pTLOo2UHbZL1t4l9x5RJRDRZRw4A3NJxSVNp/:p3Oo20R1al9R3DNHA3NJEl
Threatray	9'015 similar samples on MalwareBazaar
TLSH	T144A522567360D5CFE82A0A78892225B307637CAAAE71E55F70487B0F0CF1742457BBA7
File icon (PE):
dhash icon	18ecfaccdcb2b2e6 (1 x SystemBC, 1 x CoinMiner)
Reporter	abuse_ch
Tags:	exe signed SystemBC

Code Signing Certificate

Organisation:	Kingston Fury Beast DDR4 2x16Gb CEK432C16BBK2/32
Issuer:	Kingston Fury Beast DDR4 2x16Gb CEK432C16BBK2/32
Algorithm:	sha1WithRSAEncryption
Valid from:	2022-02-01T18:33:11Z
Valid to:	2032-02-02T18:33:11Z
Serial number:	55914253862f86a947f239773c27e94e
Thumbprint Algorithm:	SHA256
Thumbprint:	bdf4572b3d316fc74082421278270a479efce04b395129a02b15c07ea4ed4a94
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

186

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

http://uploaditem.xyz/sigthiefs1.exe

Verdict:

Malicious activity

Analysis date:

2022-02-03 01:05:21 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/db13379a-be34-41e8-8129-5a30ea9bcdc2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

SystemBC

Link:

https://www.capesandbox.com/analysis/231818/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.38864280.15722.15026.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a window

Searching for analyzing tools

Сreating synchronization primitives

Creating a file

Searching for synchronization primitives

DNS request

Sending a custom TCP request

Enabling autorun by creating a file

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

control.exe overlay packed

Link:

https://www.filescan.io/uploads/61fb980218d1bfdde4eef629/reports/461df4fa-3bf2-4e71-86bf-8eea5ac25ee7/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/080c21a5-d6f8-4097-aec9-8ee61d3abaca

Result

Threat name:

SystemBC

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/933345

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4f8fd85bcb3dbb5d82d3194a2ac9742a8f0696685b69d425b1384d29e2260bf3/

Threat name:

Win32.Backdoor.SystemBC

Status:

Malicious

First seen:

2022-02-02 21:10:47 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

21 of 28 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=j6h5qw6lhw5v3awtdffcvslufkhqnftilnu5ijnrhbgstyrgbpzq._file

Verdict:

malicious

SystemBC

31766eecb30b54ce96546c75d37a133ee490b808e71b99c59b2e0cf703a27553

SystemBC

32bbafcfeb06498d54fd75c87947404055dc95c7baefb381fe49de79d4a47065

SystemBC

38cfb802b835e2f9129680bbcbe93248ad21659931b8230e9c2109b3b496a873

SystemBC

7cad51a346a2c1441d4f87e9c4f848a61ba22506926fdeff1c0d315dfca515be

SystemBC

b8338eda2c7390860da3bd4a37104b409235131406d9b4d30a78b5d4189cf317

SystemBC

b94115f5638021ccf653c3de4c947632560d95d967d64b7b84860e813a8f692a

SystemBC

ed58793bc31fa9098152a7d5e1e473ab50be287577f639f031aa9adffc040103

SystemBC

f960b96c81f71d848a119d18aa4074ecaa71e39086a611f2dc637d579b9f6afa

SystemBC

+ 9'005 additional samples on MalwareBazaar

Result

Malware family:

systembc

Score:

10/10

Tags:

family:systembc evasion trojan

Link:

https://tria.ge/reports/220203-ktdrxsegam/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Drops file in Windows directory

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks whether UAC is enabled

Checks BIOS information in registry

Identifies VirtualBox via ACPI registry values (likely anti-VM)

SystemBC

Unpacked files

SH256 hash:

957c078fdbcf3f471b397f74e91708598bf6b64c3cd6d5bf199cdc2c5d9dd0cd

MD5 hash:

dbd299386324cc1b3ff47ed1f215c945

SHA1 hash:

f756c4d3cf314198025b0a693dd7432f71bc4e1c

Link:

https://www.unpac.me/results/583b0375-8f56-456a-90b8-d01b256871e6/

SH256 hash:

4f8fd85bcb3dbb5d82d3194a2ac9742a8f0696685b69d425b1384d29e2260bf3

MD5 hash:

c28c72944827aecc6e64211f91d082cd

SHA1 hash:

478e292f63cacdc9d43e095ce5ef7a3accb68cde

Link:

https://www.unpac.me/results/583b0375-8f56-456a-90b8-d01b256871e6/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/4f8fd85bcb3dbb5d82d3194a2ac9742a8f0696685b69d425b1384d29e2260bf3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SystemBC

exe 4f8fd85bcb3dbb5d82d3194a2ac9742a8f0696685b69d425b1384d29e2260bf3

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2023819/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/231818/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample