MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a245e07279488497a16ef86a6129b1bd8c72c18b37a2504bee743c528aab8da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SystemBC


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7a245e07279488497a16ef86a6129b1bd8c72c18b37a2504bee743c528aab8da
SHA3-384 hash: ddfd0e88df370ed2158b7892bc638dbe6173fed2c3c9b93ba42f75663401304f9c419bdaaf992d1fcf8a9871ed990df8
SHA1 hash: c5cc028d488b4a348091528f3089d04dac432eaf
MD5 hash: 55a4729b40ed4f2aaccb3d59ddf80d95
humanhash: lake-delaware-seventeen-enemy
File name:55a4729b40ed4f2aaccb3d59ddf80d95.exe
Download: download sample
Signature SystemBC
Create hunting rule
File size:154'624 bytes
First seen:2020-07-31 09:58:17 UTC
Last seen:2020-07-31 12:44:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5dae51f75c911af493aad5824743031e (3 x SystemBC)
ssdeep 1536:nwQc1tBpzMpqgP/aDy3aygnjgR2wD4VZP6v9h5pSVtBiqU:nwQci+njgr0uvH5U9pU
TLSH 92E3CF253A41C133C06790719465CAB2E73AAC3376A5DE07379466AE2F722D3AB37347
Reporter abuse_ch
Tags:exe SystemBC


Avatar
abuse_ch
SystemBC C2:
89.203.251.227:4035

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/36410/
Detection(s):
SecuriteInfo.com.Generic.mg.55a4729b40ed4f2a.15155.UNOFFICIAL
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/405835
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Machine Learning detection for sample
May use the Tor software to hide its network traffic
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7a245e07279488497a16ef86a6129b1bd8c72c18b37a2504bee743c528aab8da/
Threat name:
Win32.Trojan.Glubpteba
Create hunting rule
Status:
Malicious
First seen:
2020-07-31 10:00:07 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pisf4bzhssees6qw56dkmeu3dpmmolaywn5ckbf645b4kkfkxdna._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200731-nl6gv8d7tn/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops file in Windows directory
Drops file in Windows directory
Executes dropped EXE
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7a245e07279488497a16ef86a6129b1bd8c72c18b37a2504bee743c528aab8da

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SystemBC

Executable exe 7a245e07279488497a16ef86a6129b1bd8c72c18b37a2504bee743c528aab8da

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/36410/
  
URLhaus
https://urlhaus.abuse.ch/url/422734/
  
Delivery method
Distributed via web download

Comments