MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbf513305c61fc5e26cbbe5a72931b5bc0feeb0d834a85edf99b5bf5a853feb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SystemBC


Vendor detections: 16



SHA256 hash: bbf513305c61fc5e26cbbe5a72931b5bc0feeb0d834a85edf99b5bf5a853feb4
SHA3-384 hash: fb2ac759a25f0f145fb91c6f2fb85a476f9676b1dace9b0c63a11479a9c5d2820ac79f566b40f45bebc85a562329c5e9
SHA1 hash: 0df44a8b7424787e6847435d39b42efd955020f6
MD5 hash: b97c5fb8ffe52136069acd188303d3c4
humanhash: west-oscar-lima-louisiana
File name: file
Signature: SystemBC
File size: 1'624'064 bytes
First seen: 2026-02-16 20:30:23 UTC
Last seen: 2026-02-16 21:15:51 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep: 49152:xj8nlatbgR5gXH7lIk8ELqt69SQ5RTt9:xj80Ri5yHT5LW69SqTT
TLSH: T176753370FE0B26B9E0B801F8E02B695BFF251A179BCC6C64050D90D3AAE77B5A3D5D50
TrID:
  28.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  25.5% (.EXE) Win32 Executable (generic) (4504/4/1)
  11.6% (.ICL) Windows Icons Library (generic) (2059/9)
  11.5% (.EXE) OS/2 Executable (generic) (2029/13)
  11.3% (.EXE) Generic Win/DOS Executable (2002/3)
Magika: pebin
Reporter: Bitsight
Tags: dropped-by-amadey exe fbf543 SystemBC


Bitsight
url: http://130.12.180.43/files/748049926/ka0OL2S.exe

Intelligence


File Origin
Number of uploads: 12
Number of downloads: 217
Origin country: US
Vendor Threat Intelligence
No detections
Malware family: systembc
ID: 1
File name: _bbf513305c61fc5e26cbbe5a72931b5bc0feeb0d834a85edf99b5bf5a853feb4.exe
Verdict: Malicious activity
Analysis date: 2026-02-16 20:31:31 UTC
Tags: tas17 themida systembc proxyware
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 92.5%
Tags: vmdetect autorun

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm anti-vm crypt evasive fingerprint masm obfuscated packed packed themidawinlicense

Verdict: Malicious
File Type: exe x32
Detections: HEUR:Trojan-Ransom.Win32.Encoder.gen HEUR:Trojan.Win32.Generic Trojan-Proxy.Win32.Sybici.sb Trojan.Win64.Agent.sb

Verdict: inconclusive
YARA: 4 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Threat name: Win32.Infostealer.Tinba
Status: Malicious
First seen: 2026-02-16 20:31:39 UTC
File Type: PE (Exe)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: systembc
Score: 10/10
Tags: family:systembc defense_evasion discovery trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
System Location Discovery: System Language Discovery
Drops file in Windows directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks BIOS information in registry
Executes dropped EXE
Identifies Wine through registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
SystemBC
Systembc family
Malware Config
C2 Extraction:
headwindvariable.cc
endlessgrumbler.cc
Unpacked files
SHA256 hash: bbf513305c61fc5e26cbbe5a72931b5bc0feeb0d834a85edf99b5bf5a853feb4
MD5 hash: b97c5fb8ffe52136069acd188303d3c4
SHA1 hash: 0df44a8b7424787e6847435d39b42efd955020f6

SHA256 hash: d61d01c4146d618b7e22427887d287860173b0e73999ca7d8b16d45ba2fc84ac
MD5 hash: 3a7a19199899b5c6ebc8579c8843bb2d
SHA1 hash: 1d573d2a3f227b96a35f1cf7e44888d19ee8a8cf
Detections: win_systembc_g1 SystemBC
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: meth_peb_parsing
Author: Willi Ballenthin

Rule name: vmdetect
Author: nex
Description: Possibly employs anti-virtualization techniques

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SystemBC
Executable exe bbf513305c61fc5e26cbbe5a72931b5bc0feeb0d834a85edf99b5bf5a853feb4 (this sample)

Dropped by: Amadey
Delivery method: Distributed via web download
