MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c81d0001db2319c3774dff80f346801f493b45c92bd4e825895495158fdf2e9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SystemBC


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c81d0001db2319c3774dff80f346801f493b45c92bd4e825895495158fdf2e9d
SHA3-384 hash: 42146196a0a8e2a6186899d8cffabfdc61f5d0da42ddc50a7958ce14a98eeaffd98b263b3ee6ae617f42e0517e07ab7c
SHA1 hash: b43458ce3f62cddc7d9f4b881e68b83c09de20d4
MD5 hash: 0d36a4e578fadabccbe15db03c722f6a
humanhash: winner-kansas-social-sad
File name:0d36a4e578fadabccbe15db03c722f6a.exe
Download: download sample
Signature SystemBC
Create hunting rule
File size:1'492'984 bytes
First seen:2023-01-19 12:37:52 UTC
Last seen:2023-01-19 14:31:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d8e1ce6efe964fd86ad73408ea71ada5 (2 x SystemBC, 1 x RedLineStealer)
ssdeep 24576:aaRWQtfxeCrudvcqhUN+N34UrNQwJho3ndFQhmu5NOVR5y6XA7j6y5vxp:vRtxeCr/qhz4UxQwvo3QrOj5y6wCy5vf
Threatray 26 similar samples on MalwareBazaar
TLSH T106652309AB9694A7E0629531E02F795422241E3C6D53C7B6FFA9B6033DB3BC0E137974
TrID 42.7% (.EXE) Win32 Executable (generic) (4505/5/1)
19.2% (.EXE) OS/2 Executable (generic) (2029/13)
19.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.9% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 63e08e969ee6f823 (4 x LaplasClipper, 3 x SystemBC, 1 x Amadey)
Reporter abuse_ch
Tags:exe signed SystemBC

Code Signing Certificate

Organisation:www.self-confidence.com
Issuer:www.self-confidence.com
Algorithm:sha256WithRSAEncryption
Valid from:2023-01-17T18:08:52Z
Valid to:2024-01-17T18:28:52Z
Serial number: 421e72316c1e5a8b478fe04c60cba3a7
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: ab833382fd7c1a2c31c15d1c8277ec523fdcacc937aaae15e479c8151b0dc05a
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
199
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
0d36a4e578fadabccbe15db03c722f6a.exe
Verdict:
Malicious activity
Analysis date:
2023-01-19 12:43:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2be368dc-1443-4e69-9c14-30d143d5cbc7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
SystemBC
Create hunting rule
Link:
https://www.capesandbox.com/analysis/354489/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.65040787.31708.17101.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending a custom TCP request
Creating a window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/63c939adbda854045c19566e/reports/a1f396a4-982a-449e-bc28-f643fd330a3e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
SystemBC
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2e071c4f-5206-4806-a3dc-58d85f5269fb
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1154620
Signature
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c81d0001db2319c3774dff80f346801f493b45c92bd4e825895495158fdf2e9d/
Threat name:
Win32.Backdoor.Systembc
Create hunting rule
Status:
Malicious
First seen:
2023-01-17 19:01:53 UTC
File Type:
PE (Exe)
Extracted files:
12
AV detection:
20 of 37 (54.05%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zaoqaao3emm4g52n76apgruad5etwrojfpkoqjmjkskrld67f2oq._file
Verdict:
malicious
Similar samples:
20ac0c20a2ef71864092cdbcdb32bb637cf76abd2ebfc5b351a6c188b9dfd05d
SystemBC
435f78485834e4137984372900acb85e4b1ccc277cfd45fbc87476364f546fbb
SystemBC
4d59d088de40abcfd78f88d45009dbfdd14d9df76b718bc1c27241ec2807ef8d
SystemBC
59d84ed47893f3f3b3a3e121ffbcfa0b86bdb91431a7cd82ad3656b11d2e6697
SystemBC
6779c5bd995a94b8e53173cd3be2e59adcca2f9775674dc681565eef4197627e
SystemBC
79b3659ae5791dba0cc638c8034fc65c8e221fd8c5e7a7b4ca15cd12e08f94e9
SystemBC
812d4d9446b7962344e389b9498d08dabce1c9113bb18f554633da7e5992c4a3
SystemBC
+ 16 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230119-pt3hhach4x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/b34afaa7-1723-46fa-831a-39b0d314de8e
Unpacked files
SH256 hash:
c81d0001db2319c3774dff80f346801f493b45c92bd4e825895495158fdf2e9d
MD5 hash:
0d36a4e578fadabccbe15db03c722f6a
SHA1 hash:
b43458ce3f62cddc7d9f4b881e68b83c09de20d4
Link:
https://www.unpac.me/results/bcc39a2a-beb2-49ef-9111-47ba7b85602e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c81d0001db2319c3774dff80f346801f493b45c92bd4e825895495158fdf2e9d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SystemBC

Executable exe c81d0001db2319c3774dff80f346801f493b45c92bd4e825895495158fdf2e9d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2512371/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/354489/

Comments