MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aaf1787a98de070ce8b558155b7f9a36e779bc21552f8ae6b39fdab275d9f7c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SystemBC


Vendor detections: 9



SHA256 hash: aaf1787a98de070ce8b558155b7f9a36e779bc21552f8ae6b39fdab275d9f7c0
SHA3-384 hash: 23ea092ab453971e5aaae43f18a2992fd163f864d347c594ef7cf6fd8a991ee06b4d65b96783f1425dd77d21e715c440
SHA1 hash: 48baefe376fd4181f786078e8aa1599c1ae9c899
MD5 hash: f64b4989e48381bc2aa0ffba6463db7b
humanhash: berlin-neptune-beryllium-three
File name: index.xls
Signature: SystemBC
File size: 92'672 bytes
First seen: 2021-03-03 20:38:44 UTC
Last seen: 2021-03-03 22:37:16 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 21d14d65f0825def0562fe705e82846e (1 x SystemBC)
ssdeep: 1536:MVfWJa1hHzQRk04ivcZ/ZmmU90XvS/tYbP/S0Uhk:OfWs8Rk0nvG/ZjSSbP/SHhk
Threatray: 106 similar samples on MalwareBazaar
TLSH: 1D935C18B299C4A0E5E41334CAC31F38E36F95C41460116B75A6BFDDBFAA3D1BD1B298
Reporter: lazyactivist192
Tags: dll SilentBuilder SystemBC tr

Intelligence


File Origin
# of uploads: 2
# of downloads: 174
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Sending a UDP request
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 21 / 100
Signature
Machine Learning detection for sample
Threat name: Win32.Trojan.GenericML
Status: Malicious
First seen: 2021-03-03 20:39:05 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Result
Malware family: systembc
Score: 10/10
Tags: family:systembc trojan
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
SystemBC
SystemBC Payload
Unpacked files
SHA256 hash: 150e9c17023518a642f75b2be14473defa8f22ca1fa5e11e33073dc93d48e79c
MD5 hash: 7ed6af94658937d864c3973dcd1f0c3d
SHA1 hash: 7a8ac3ee17e042e466a29eebd803e46a772616fb
Detections: win_systembc_g0 win_systembc_auto
SHA256 hash: aaf1787a98de070ce8b558155b7f9a36e779bc21552f8ae6b39fdab275d9f7c0
MD5 hash: f64b4989e48381bc2aa0ffba6463db7b
SHA1 hash: 48baefe376fd4181f786078e8aa1599c1ae9c899
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MALWARE_Win_EXEPWSH_DLAgent
Author: ditekSHen
Description: Detects downloader agent, using PowerShell
Rule name: Start2__mem
Author: James_inthe_box
Description: SystemBC
Reference: 7bd341488dc6f01a6662ac478d67d3cd8211cbf362994355027b5bdf573cc31e
Rule name: win_systembc_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.
