MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e63a911ace589c223d9a5742a0813a8acfe6a07f1d6a569a93f00e3f4d9f3583. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SystemBC

Vendor detections: 14

Intelligence 14 IOCs YARA 2 File information Comments

SHA256 hash:	e63a911ace589c223d9a5742a0813a8acfe6a07f1d6a569a93f00e3f4d9f3583
SHA3-384 hash:	36cde83408da71d7140d4b4ef2a1e736ddbbb8cffd5434df3fe0a7330464a1b20329a34b480bfd4c53e734534d381a22
SHA1 hash:	e27ca84e11313e7cb2989a2bc96251b2f614f25a
MD5 hash:	f6027fb8824e1c97d7751e97d3d5794f
humanhash:	magazine-cat-fourteen-early
File name:	dump.exe
Download:	download sample
Signature	SystemBC Create hunting rule
File size:	10'752 bytes
First seen:	2024-01-28 00:41:05 UTC
Last seen:	2024-01-28 02:26:16 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	d66000edfed0a9938162b2b453ffa516 (3 x SystemBC)
ssdeep	192:F8fzqMmTL+f6eeAY82mNZRZ1eLP/x1fkNvFCDko:F8GMmv+f6eX22RZ0LXTsN0ko
TLSH	T1CE22C56B7C61C4A2C353C5BF7A5F1721D27FE6B792349019DFE00C607B35AA68B8510A
TrID	30.2% (.EXE) Win64 Executable (generic) (10523/12/4) 18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 14.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 12.9% (.EXE) Win32 Executable (generic) (4505/5/1) 5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter	ukycircle
Tags:	exe SystemBC

Intelligence

File Origin

# of uploads :

# of downloads :

349

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/473217/

Detection(s):

SecuriteInfo.com.BackDoor.Coroxy.22.9077.18953.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Sending a TCP request to an infection source

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/65b5a2db40cbb80fe046f246/reports/ac38e120-0979-45ef-b6a1-77c5105750f3/overview

Verdict:

Malicious

Labled as:

Malware

Link:

https://www.hybrid-analysis.com/sample/e63a911ace589c223d9a5742a0813a8acfe6a07f1d6a569a93f00e3f4d9f3583

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

SystemBC

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ada28411-fff7-4424-9db7-e8208b34447e

Result

Threat name:

SystemBC

Detection:

malicious

Classification:

troj

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1382184

Signature

Antivirus / Scanner detection for submitted sample

C2 URLs / IPs found in malware configuration

Creates autostart registry keys with suspicious values (likely registry only malware)

Found malware configuration

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suspicious powershell command line found

Yara detected SystemBC

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/e63a911ace589c223d9a5742a0813a8acfe6a07f1d6a569a93f00e3f4d9f3583

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e63a911ace589c223d9a5742a0813a8acfe6a07f1d6a569a93f00e3f4d9f3583/

Threat name:

Win32.Trojan.Coroxy

Status:

Malicious

First seen:

2024-01-28 00:42:05 UTC

File Type:

PE (Exe)

AV detection:

17 of 23 (73.91%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4y5jcgwolcocepm2k5bkbaj2rlh6nid7dvvfngut6ahd6tm7gwbq._file

Verdict:

malicious

Result

Malware family:

systembc

Score:

10/10

Tags:

family:systembc persistence

Link:

https://tria.ge/reports/240128-a2b8yshddk/

Behaviour

Adds Run key to start application

Malware Config

C2 Extraction:

69.10.60.115:4018

Unpacked files

SH256 hash:

e63a911ace589c223d9a5742a0813a8acfe6a07f1d6a569a93f00e3f4d9f3583

MD5 hash:

f6027fb8824e1c97d7751e97d3d5794f

SHA1 hash:

e27ca84e11313e7cb2989a2bc96251b2f614f25a

Detections:

MALWARE_Win_EXEPWSH_DLAgent

Link:

https://www.unpac.me/results/c07ba352-20e9-4437-9f77-f3cb7ee7e08b/

Parent samples :

e63a911ace589c223d9a5742a0813a8acfe6a07f1d6a569a93f00e3f4d9f3583
eec99e0b7313623ce4bb15305166368bf658ae385f915c1993ca9f24660e196b

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e63a911ace589c223d9a5742a0813a8acfe6a07f1d6a569a93f00e3f4d9f3583

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	MALWARE_Win_EXEPWSH_DLAgent Create hunting rule
Author:	ditekSHen
Description:	Detects SystemBC

Rule name:	Start2_net_bin Create hunting rule
Author:	James_inthe_box
Description:	SystemBC
Reference:	7bd341488dc6f01a6662ac478d67d3cd8211cbf362994355027b5bdf573cc31e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/473217/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample