MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63e7464225916f05a6dc4576721fae7a3a449fdab81072f28ba9a4bf5e9a54f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SystemBC


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 63e7464225916f05a6dc4576721fae7a3a449fdab81072f28ba9a4bf5e9a54f9
SHA3-384 hash: 03a4cc0ad7f9c25ca78551e9837bae0807e3d937a9d93879b7b0a025b5821946e8b0b01e75dc079ff43fcbd5b58509c1
SHA1 hash: 8a7827bb2ecc1a57f23a489f034d7c9629523eaf
MD5 hash: 0e23988a7ad64e9f03a2a7c3e9637330
humanhash: hot-virginia-beer-friend
File name:soc13.exe
Download: download sample
Signature SystemBC
Create hunting rule
File size:125'952 bytes
First seen:2020-10-15 18:26:18 UTC
Last seen:2020-10-15 18:57:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2609c57e431ac93c0c93c014a8028ea9 (1 x SystemBC)
ssdeep 1536:WBVmipLcaKPq7Rikrpt0wjJkNkY3yJ5bqT1eFEI+10oFyJUQukbRevFs:whLcp2vTj23yJ5b21JFyJUXKRed
Threatray 20 similar samples on MalwareBazaar
TLSH 3CC37B1135D2FCB2D5A6293148B0DE910A7BFC729B7412CB37982A6E9F702C07A35B57
Reporter James_inthe_box
Tags:exe SystemBC

Intelligence

File Origin
# of uploads :
2
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/71568/
Detection(s):
SecuriteInfo.com.Artemis0E23988A7AD6.17234.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Creating a process from a recently created file
Creating a process with a hidden window
DNS request
Sending a custom TCP request
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/492925
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Machine Learning detection for sample
May use the Tor software to hide its network traffic
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/63e7464225916f05a6dc4576721fae7a3a449fdab81072f28ba9a4bf5e9a54f9/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 18:26:10 UTC
File Type:
PE (Exe)
Extracted files:
9
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mptumqrfsfxqljw4iv3heh5opi5ejh62xaihf4ulvgsl6xu2kt4q._file
Verdict:
malicious
Similar samples:
142a2de7157729abf8612c21e0adf05cc33e9b6d479b364e2e1d4073b89c110e
SystemBC
2000a32ad4e07b435995d624b4406ed34700f0754040a36ad3bbc8190f9c9495
SystemBC
20354da385cfab5a5c82e9b8398becf43eba43b93b48f97a64b4560a04a2012b
SystemBC
318e0bd67ccbf40f50b848831fb2885b161e68acdfaaa0c619c79b3912af2ecd
SystemBC
8ceee34b010701c3745db2e9868c68902440d951d7c2dbe383ee2c25d5aa20dc
SystemBC
dba174d5ff22c6f4b3969a5dfd3dd66026a4f60d6ec73f5105c312f66ec2a6af
SystemBC
e7174b9891b41bf0459fd6fe3f6ab5c63aa5ab4883b02d32325dd19f6d1ed71f
SystemBC
e86c00bb96428b8c113169da2c996f457ed22467c5ad998e87bb48b65e98ab36
SystemBC
f0562d49226fc4776a7991b14f43b2c7a572ae276adef3d3dc3678b8b0894401
SystemBC
febba30f2321bffeee1f57eacc46fef35eac9d7f9745125c64efee1c0d4cd4e2
SystemBC
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201015-dwjy89aftx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Executes dropped EXE
Unpacked files
SH256 hash:
9429e9388088b0a1e95efd24117f78d6f9885959e24cb07aec24b1e045b2a7de
MD5 hash:
e088afedb4638f8da363acc9452fa359
SHA1 hash:
5e37751ae3bd6e10ce4db86daa4aa377d2b02a55
Link:
https://www.unpac.me/results/38f5e1a7-ea99-478e-b3e4-7806ee63107e/
SH256 hash:
63e7464225916f05a6dc4576721fae7a3a449fdab81072f28ba9a4bf5e9a54f9
MD5 hash:
0e23988a7ad64e9f03a2a7c3e9637330
SHA1 hash:
8a7827bb2ecc1a57f23a489f034d7c9629523eaf
Link:
https://www.unpac.me/results/38f5e1a7-ea99-478e-b3e4-7806ee63107e/
SH256 hash:
19e9b8b2a9904e0fa4efbc99a2e0f8caca857a387c47658e223dbf0c1c60d7be
MD5 hash:
d3e3c36930852934727c19e669ac1a5e
SHA1 hash:
96cc45e0f46ba636e7f8bf7b9a91a7174c73f228
Detections:
win_systembc_g0
Create hunting rule
win_systembc_auto
Create hunting rule
Link:
https://www.unpac.me/results/38f5e1a7-ea99-478e-b3e4-7806ee63107e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/63e7464225916f05a6dc4576721fae7a3a449fdab81072f28ba9a4bf5e9a54f9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/71568/

Comments