MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d817131a06e282101d1da0a44df9b273f2c65bd0f4dd7cd9ef8e74ed49ce57e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SystemBC

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	d817131a06e282101d1da0a44df9b273f2c65bd0f4dd7cd9ef8e74ed49ce57e4
SHA3-384 hash:	b3eca212d12d755f64abd470ec0a9d552b9863e612b795c5343c694dee0251401ef164be21a48aaf2bbbb3697edcbe8b
SHA1 hash:	430ed90e5b2d603e43745b1a62a8d66039b1c811
MD5 hash:	124c7d3fd6012d5e1236d66d35da9cb2
humanhash:	pizza-kilo-diet-social
File name:	35da946b55a7125ac91be532a686c501.zip
Download:	download sample
Signature	SystemBC Create hunting rule
File size:	28'588'342 bytes
First seen:	2023-05-09 03:56:56 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	786432:+1HVpI/ZHgDZAgSjEcIiQKFoPIj84PLNA57cZqToX:a1emAGnbIj84PJAcZG4
TLSH	T1F45733B40940A461D692FF36619F9B68A1B138C8C7AAC40E8E9F6CF17DC3BC1D17958D
TrID	40.0% (.XPI) Mozilla Firefox browser extension (8000/1/1) 35.0% (.MAFF) Mozilla Archive Format (gen) (7000/1/1) 20.0% (.ZIP) ZIP compressed archive (4000/1) 5.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	captainGeech
Tags:	SystemBC zip

Intelligence

File Origin

# of uploads :

# of downloads :

323

Origin country :

File Archive Information

This file archive contains 8 file(s), sorted by their relevance:

File name:	install.txt
File size:	4'098 bytes
SHA256 hash:	dd18e44c7389d0116b61ba172314d339324d9e9598940b8ba3d378bb0c8eb6f3
MD5 hash:	968a0358ab0db8218d7ee4aa18b9113a
MIME type:	text/plain
Signature	SystemBC

File name:	password.php
File size:	27'749 bytes
SHA256 hash:	236cff4506f94c8c1059c8545631fa2dcd15b086c1ade4660b947b59bdf2afbd
MD5 hash:	ce9b584da52e18399c530107c200f8bd
MIME type:	text/x-php
Signature	SystemBC

File name:	geoip2.phar
File size:	356'279 bytes
SHA256 hash:	7f7a6ba15f126642ea88c6cf9354f561f6fb86948dd713ac3d8af5d169d25128
MD5 hash:	71d14334860b780ee91902ea71d7518a
MIME type:	application/octet-stream
Signature	SystemBC

File name:	server.out
File size:	16'256 bytes
SHA256 hash:	b69738c655dee0071b1ce37ab5227018ebce01ba5e90d28bd82d63c46e9e63a4
MD5 hash:	4e0a5548d669fb559fc9557c29d1300d
MIME type:	application/x-executable
Signature	SystemBC

File name:	socks.out
File size:	6'864 bytes
SHA256 hash:	5da486c1d5024f144333032ffbeae9f8e6de951f6633791861055564952ee779
MD5 hash:	345b602eef289ed62c556690a99038a2
MIME type:	application/x-executable
Signature	SystemBC

File name:	index.html
File size:	16 bytes
SHA256 hash:	a14b2375d7042a76207b40292ea3b5dec759b9908c566d5701493e1e6b381242
MD5 hash:	f5a101e1a581bd03a5709b5c36f4c9c5
MIME type:	text/plain
Signature	SystemBC

File name:	GeoLite2-City.mmdb
File size:	60'358'741 bytes
SHA256 hash:	ed5d2377f074963611e114a9716a398ac90aa5843108152a77b89fe2b8e56f4c
MD5 hash:	4904e6ffa23929e7b0f26de0a1c0a3ef
MIME type:	application/octet-stream
Signature	SystemBC

File name:	server.exe
File size:	23'040 bytes
SHA256 hash:	c154d0f2c61353e96026f7036e79e8217b078bbf1947d7a2d7753cab657022f1
MD5 hash:	3e5b7dedb99563e687b56384bcd24823
MIME type:	application/x-dosexec
Signature	SystemBC

Vendor Threat Intelligence

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

coroxy greyware shell32.dll

Link:

https://www.filescan.io/uploads/6459c4906f254f9636e3c515/reports/67e7e096-fde6-4748-8565-9aeff7bc16eb/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/d817131a06e282101d1da0a44df9b273f2c65bd0f4dd7cd9ef8e74ed49ce57e4

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/d817131a06e282101d1da0a44df9b273f2c65bd0f4dd7cd9ef8e74ed49ce57e4

Gathering data

Threat name:

Linux.Backdoor.GetShell

Status:

Malicious

First seen:

2022-11-19 15:40:29 UTC

File Type:

Binary (Archive)

Extracted files:

275

AV detection:

23 of 37 (62.16%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3alrggqg4kbbahi5ucse36nsopzmmw6q6toxzwpprz2o2sook7sa._file

Result

Malware family:

systembc

Score:

10/10

Tags:

family:systembc evasion linux persistence

Link:

https://tria.ge/reports/230509-fhzg2aec72/

Behaviour

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Executes dropped EXE

Modifies Windows Firewall

Malware Config

C2 Extraction:

87.244.158.94

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.65

Link:

https://yomi.yoroi.company/submissions/d817131a06e282101d1da0a44df9b273f2c65bd0f4dd7cd9ef8e74ed49ce57e4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	adonunix2 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	AD on UNIX

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample