MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d72645347b3fa6134cc416b6b9d73eec9d4ef2af4dbf26c6b91da795144c394c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SystemBC

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	d72645347b3fa6134cc416b6b9d73eec9d4ef2af4dbf26c6b91da795144c394c
SHA3-384 hash:	fde9d5fb05ea120ab02d6e3ba554224e473112bcf99d58c992acd53456a16bca98260760e18091b4bea1210ed156e24e
SHA1 hash:	71486f38fdb43239ccf56b6349e0eaf86e68022a
MD5 hash:	0915eb750b11e94953c1986391d89c8a
humanhash:	kilo-mountain-nineteen-robin
File name:	0915eb750b11e94953c1986391d89c8a.exe
Download:	download sample
Signature	SystemBC Create hunting rule
File size:	10'115'072 bytes
First seen:	2022-11-03 07:25:36 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	3ce76b536f35a4d5f94e60558d62769e (1 x SystemBC)
ssdeep	196608:P/JjqWE4GnFcaCCnTwaJ6qu8jKmEHEByu0cssD1MGQQtgIL:P/8tCWwaJju85X0hGgIL
Threatray	833 similar samples on MalwareBazaar
TLSH	T1FEA633BB12A10609C1D9CD39D6377CD1B2F6627B4EC099F0A5A9E6C53A438DA9703F43
TrID	29.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 22.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 20.3% (.EXE) Win32 Executable (generic) (4505/5/1) 9.1% (.EXE) OS/2 Executable (generic) (2029/13) 9.0% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	abuse_ch
Tags:	exe SystemBC

Intelligence

File Origin

# of uploads :

# of downloads :

177

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

systembc

ID:

File name:

0915eb750b11e94953c1986391d89c8a.exe

Verdict:

Malicious activity

Analysis date:

2022-11-03 07:28:34 UTC

Tags:

systembc

Link:

https://app.any.run/tasks/4f3cd24d-a5f1-4d85-8074-1aaabb330bf9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

SystemBC

Link:

https://www.capesandbox.com/analysis/327642/

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Connecting to a non-recommended domain

Sending a custom TCP request

Launching a process

Forced system process termination

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/47808/overview

Behaviour

MalwareBazaar

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed shell32.dll

Link:

https://www.filescan.io/uploads/63636d10fe481257b8fc02bc/reports/151a9d3e-0900-4a3b-9e53-5a11914cff3e/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/7b306627-c8db-4bed-9062-f547199889aa

Result

Threat name:

SystemBC

Detection:

malicious

Classification:

troj.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1104100

Signature

Hides threads from debuggers

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Tries to detect virtualization through RDTSC time measurements

Tries to evade analysis by execution special instruction (VM detection)

Yara detected SystemBC

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d72645347b3fa6134cc416b6b9d73eec9d4ef2af4dbf26c6b91da795144c394c/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=24teknd3h6tbgtgec23ltvz65sou54vpjw7snrvzdwtzkfcmhfga._file

Verdict:

unknown

SystemBC

72da013062ea0fd8acf955c4517f8998fef0f6f6d467c9610f8d9b5f77169f57

SystemBC

a6056ecb46f32f17f730ecea827f345d3f5bf8db283dd170d08d264f827b493d

SystemBC

aeca12bf63530aa733104d00c1389a7874676eb263368c22d1eea71300cdb636

SystemBC

b2fca983a96d73154e9807ed55a953ac1afe1d1ea56357c51c0bd62b67b75c2e

SystemBC

b6703c505861e0552017a9d5d718d2aefe6b67ad0c472c91a341c883244c2155

SystemBC

e478b4ce3f8b8d0a2a6f88e5eee26e4f19528b55fa3dfe92258b5e08da8df2e0

SystemBC

f7f0261df8a81b3c20be78b7648aa46cdba62f08e9e770aa0c4e9fbe8d52624f

SystemBC

+ 823 additional samples on MalwareBazaar

Result

Malware family:

systembc

Score:

10/10

Tags:

family:systembc trojan

Link:

https://tria.ge/reports/221103-h9jl1afeh6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of NtSetInformationThreadHideFromDebugger

SystemBC

Malware Config

C2 Extraction:

filmsoneonline.com:4246
onlinefilmshome.com:4246

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/94a4ab00-b2d4-4b76-b6d3-3ef2ab32b428

Unpacked files

SH256 hash:

33a61968e9c3a4247d7ebb3c4d8af06db0c44b496997bf1e88a743693060dcd5

MD5 hash:

148f971bf01e672134d43889a52ac481

SHA1 hash:

f3058d45a810c30ec1a762503e3e45febfb0c29a

Detections:

SystemBC

Link:

https://www.unpac.me/results/421e260a-aad7-4f4c-89b4-cc3c5ef70708/

SH256 hash:

d72645347b3fa6134cc416b6b9d73eec9d4ef2af4dbf26c6b91da795144c394c

MD5 hash:

0915eb750b11e94953c1986391d89c8a

SHA1 hash:

71486f38fdb43239ccf56b6349e0eaf86e68022a

Link:

https://www.unpac.me/results/421e260a-aad7-4f4c-89b4-cc3c5ef70708/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/d72645347b3fa6134cc416b6b9d73eec9d4ef2af4dbf26c6b91da795144c394c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/327642/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample