MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbaf5140518acfc1cd69cc595184869b0f6adda59134f83566393bc3435fb9d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SystemBC


Vendor detections: 11


Intelligence 11 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bbaf5140518acfc1cd69cc595184869b0f6adda59134f83566393bc3435fb9d3
SHA3-384 hash: 5d7c41ef9aa657f46868110299a4201e537e06ab8781ae679f8f93cd823a8ac236aca2fc8642b1fd5d3943ef719a4976
SHA1 hash: 781ecc1f27da4f8177271a3265ba16df605989b1
MD5 hash: 046ec1348aa8b770b48b9b4530d2d407
humanhash: spaghetti-wolfram-lake-speaker
File name:file
Download: download sample
Signature SystemBC
Create hunting rule
File size:200'192 bytes
First seen:2023-02-07 15:58:31 UTC
Last seen:2023-02-07 16:47:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash af0a92fe52cf161a7b179d1f32aa9186 (2 x RedLineStealer, 2 x RecordBreaker, 1 x Smoke Loader)
ssdeep 3072:eYQO2z+akvRzLGFK4W2bB5QBfzr+JtIBCvN9LvR+u2JAzwxII:eYQnOLSK4+x3Yt2CXV+hAMx
Threatray 2'292 similar samples on MalwareBazaar
TLSH T13514D03336D0C0B2C5B765301820DBA66BBEB9310679C95BBBA8176E4F706D1673A347
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 916a6e6a6a6a6a60 (15 x RedLineStealer, 14 x Smoke Loader, 5 x RecordBreaker)
Reporter jstrosch
Tags:exe SystemBC

Intelligence

File Origin
# of uploads :
2
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2023-02-07 15:59:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/611dfd62-efca-4365-8da9-8531eee5547e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
SystemBC
Create hunting rule
Link:
https://www.capesandbox.com/analysis/361429/
Detection(s):
SecuriteInfo.com.MSIL-56.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
Searching for the window
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/63e2754d1c9cbf7d62567014/reports/2a39a5ee-3a6d-4498-9f15-725d88d98c48/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/bbaf5140518acfc1cd69cc595184869b0f6adda59134f83566393bc3435fb9d3
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
SystemBC
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1c3c1a00-06d5-4389-a19b-a4e041c7c3ab
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1167843
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bbaf5140518acfc1cd69cc595184869b0f6adda59134f83566393bc3435fb9d3/
Threat name:
Win32.Trojan.Raccoon
Create hunting rule
Status:
Malicious
First seen:
2023-02-07 15:59:10 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
23 of 26 (88.46%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xoxvcqcrrlh4dtljzrmvdbegtmhwvxnfse2pqnlghe54gq27xhjq._file
Verdict:
malicious
Similar samples:
01a09f4a93941e4d0d1afabb4f49f7aa1b9f91cc202cc1d7eba5ca52ebecd317
SystemBC
0e5a2fe272129c522049bdd7a506d754826d8342ea7cfe1c1a3c23c81a2d17e4
SystemBC
5f7e979a53d8b78267258ee24d9ce34952da71f19f83e2086fda274464bebb74
SystemBC
670ebc347dd7d79c1736cec1f2e8e517dfab7227f14dabbecbd7eda139642175
SystemBC
77f19ea2e98aa20589c1196037c0ec3bcb2936b4c1e53fd89c1a22697c8d31c6
SystemBC
7f16d75ab9194daccc8d30d9fe3e86a0e9fe7c74a177954825f2d60d5adbe0cb
SystemBC
948b3f47df991c93af3b13dcf6ad0ce272973e8c04c765e3433851931f0881a6
SystemBC
9546cd73e23c5cd64f462ed61097c7df0ac48c64ffe3a907cc0a97b6747fd4e0
SystemBC
c9df15c0e5c17d79b64b4075b6b5f8d44f66f50744c138e6c95bd55097218c11
SystemBC
d5944f9bffd8cad91929489be3d18cfc334ab97956a629ff3abeaf126833e2b6
SystemBC
+ 2'282 additional samples on MalwareBazaar
Result
Malware family:
systembc
Create hunting rule
Score:
  10/10
Tags:
family:systembc trojan
Link:
https://tria.ge/reports/230207-te3l6sff9v/
Behaviour
SystemBC
Malware Config
C2 Extraction:
144.76.223.74:443
Unpacked files
SH256 hash:
657f8a17319077af7681b4ef3a1a3d8786501d96a91e00deff28374c2d86df39
MD5 hash:
6870803f0a6735b08fac8196637ca964
SHA1 hash:
8af323b9f56ca67444af3f3e0db4ba0fb996ffbc
Link:
https://www.unpac.me/results/b39f4616-d82e-441a-a7f3-b9dd2650d78f/
SH256 hash:
bbaf5140518acfc1cd69cc595184869b0f6adda59134f83566393bc3435fb9d3
MD5 hash:
046ec1348aa8b770b48b9b4530d2d407
SHA1 hash:
781ecc1f27da4f8177271a3265ba16df605989b1
Link:
https://www.unpac.me/results/b39f4616-d82e-441a-a7f3-b9dd2650d78f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bbaf5140518acfc1cd69cc595184869b0f6adda59134f83566393bc3435fb9d3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB
Rule name:Start2__bin
Create hunting rule
Author:James_inthe_box
Description:SystemBC
Reference:7bd341488dc6f01a6662ac478d67d3cd8211cbf362994355027b5bdf573cc31e
Rule name:SystemBC_Socks
Create hunting rule
Author:@bartblaze
Description:Identifies SystemBC RAT, Socks proxy version.
Rule name:Windows_Trojan_Smokeloader_3687686f
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SystemBC

Executable exe bbaf5140518acfc1cd69cc595184869b0f6adda59134f83566393bc3435fb9d3

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/361429/

Comments