MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 553dbdc0da9fac50f5ce3e8006e060ac0c6d8fef73d4942df4fa02202ecd5616. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SystemBC


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 553dbdc0da9fac50f5ce3e8006e060ac0c6d8fef73d4942df4fa02202ecd5616
SHA3-384 hash: a4754cf240e32d72f0537713475910cc1faea9e36029e2cb4641c0ba1e266b8309f624f2eefb784cbfe702bf9aaca579
SHA1 hash: f6f79fa456963555884df0ccc5b0931b69e81333
MD5 hash: f6f4770d6ef84140477aa0381f15155b
humanhash: paris-pip-carbon-mobile
File name:f6f4770d6ef84140477aa0381f15155b.exe
Download: download sample
Signature SystemBC
Create hunting rule
File size:2'027'192 bytes
First seen:2022-02-07 08:19:46 UTC
Last seen:2022-02-07 09:54:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2540fde99aa24a9d3b4d654107e1afc7 (1 x SystemBC)
ssdeep 24576:EqwIcocK1/uHNlnnNySx9WyRHPMyXRzP24557lhST1cj4hMA5D9HKMI4xVMpAnEg:EqwmcK1Wtl/xI6vXRfw1C2fI4xVM3cr
Threatray 9'078 similar samples on MalwareBazaar
TLSH T1AB9522523395C1CFE86806349D46A0B54AD23CA6AE65F3FB7285BF4F00F1A858837F65
File icon (PE):PE icon
dhash icon c48cc93339ccd870 (3 x CoinMiner, 1 x SystemBC)
Reporter abuse_ch
Tags:exe signed SystemBC

Code Signing Certificate

Organisation:Kingston Fury Beast DDR4 2x16Gb CBK432C16BBK2/32
Issuer:Kingston Fury Beast DDR4 2x16Gb CBK432C16BBK2/32
Algorithm:sha1WithRSAEncryption
Valid from:2022-02-01T16:01:55Z
Valid to:2032-02-02T16:01:55Z
Serial number: 5b4e7be07f39db934ba08b5d46d31793
Thumbprint Algorithm:SHA256
Thumbprint: c6a32088693068653baedd3eaa9174d77b5414421e7a58dd2060c8e5ddafd2aa
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
154
Origin country :
n/a
Vendor Threat Intelligence
Detection:
SystemBC
Create hunting rule
Link:
https://www.capesandbox.com/analysis/234131/
Detection(s):
SecuriteInfo.com.Trojan.MalPack.Obsidium.3361.1934.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Searching for analyzing tools
Сreating synchronization primitives
Creating a file
Searching for synchronization primitives
DNS request
Sending a custom TCP request
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe overlay packed
Link:
https://www.filescan.io/uploads/6200d63a31f00fad9db37b55/reports/48e363c1-a782-479d-99e8-bf185a183b0b/overview
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9c3d9575-4280-416d-a6a9-43d53c670bf3
Result
Threat name:
SystemBC
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/934976
Signature
Hides threads from debuggers
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade analysis by execution special instruction which cause usermode exception
Yara detected SystemBC
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/553dbdc0da9fac50f5ce3e8006e060ac0c6d8fef73d4942df4fa02202ecd5616/
Threat name:
Win32.Backdoor.Systembc
Create hunting rule
Status:
Malicious
First seen:
2022-02-06 02:30:19 UTC
File Type:
PE (Exe)
Extracted files:
69
AV detection:
19 of 43 (44.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ku633qg2t6wfb5ooh2aanydavqgg3d7popkjilpu7ibcalwnkyla._file
Verdict:
unknown
Similar samples:
00427344e070941ca266d725e67a57688ae7676b6bf3f71b98bf13292f1c8ae5
SystemBC
18a991ca66e5a2f3ba4b92dd18171eaa5f7306b8cd7d9aa461e4aaef158e7b5c
SystemBC
28f5fa7118d4f1866643d781c3fee5cb4507f3d268c263ef40551d527da2c330
SystemBC
31766eecb30b54ce96546c75d37a133ee490b808e71b99c59b2e0cf703a27553
SystemBC
3a82687b1b73032f1a3477008b681f5ef3cacac2d7cf53370af2927ddeb98047
SystemBC
4f8fd85bcb3dbb5d82d3194a2ac9742a8f0696685b69d425b1384d29e2260bf3
SystemBC
cca8cc07c5f45d3be159d464d5ca34cef9f4d16b6c7fc5d4a35276e4887d52bc
SystemBC
+ 9'068 additional samples on MalwareBazaar
Result
Malware family:
systembc
Create hunting rule
Score:
  10/10
Tags:
family:systembc evasion trojan
Link:
https://tria.ge/reports/220207-j8fdmahgcp/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Checks BIOS information in registry
Identifies VirtualBox via ACPI registry values (likely anti-VM)
SystemBC
Unpacked files
SH256 hash:
5f919042fd0febc72f17190c61ccc4055aa20f4f69efb586ec83ec83d52c1058
MD5 hash:
79d4deed706e928857c937b725bf68be
SHA1 hash:
601f4b0236572a6583faff4e81662e5c7e4af1cd
Link:
https://www.unpac.me/results/ee7c2b74-9392-4f75-a5a1-bd2f3e7d1ce6/
SH256 hash:
553dbdc0da9fac50f5ce3e8006e060ac0c6d8fef73d4942df4fa02202ecd5616
MD5 hash:
f6f4770d6ef84140477aa0381f15155b
SHA1 hash:
f6f79fa456963555884df0ccc5b0931b69e81333
Link:
https://www.unpac.me/results/ee7c2b74-9392-4f75-a5a1-bd2f3e7d1ce6/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/234131/

Comments