General
-
Target
f6f4770d6ef84140477aa0381f15155b.exe
-
Size
1.9MB
-
Sample
220207-j8fdmahgcp
-
MD5
f6f4770d6ef84140477aa0381f15155b
-
SHA1
f6f79fa456963555884df0ccc5b0931b69e81333
-
SHA256
553dbdc0da9fac50f5ce3e8006e060ac0c6d8fef73d4942df4fa02202ecd5616
-
SHA512
4e92f906a5f5c308df35134cdd43414585e5401e61fecc7b4ebbc8358f8c6f50d07ea746695ce261654d8bd69eb1e6f575b159f9aa5367c08b003142188dc039
Malware Config
Targets
-
-
Target
f6f4770d6ef84140477aa0381f15155b.exe
-
Size
1.9MB
-
MD5
f6f4770d6ef84140477aa0381f15155b
-
SHA1
f6f79fa456963555884df0ccc5b0931b69e81333
-
SHA256
553dbdc0da9fac50f5ce3e8006e060ac0c6d8fef73d4942df4fa02202ecd5616
-
SHA512
4e92f906a5f5c308df35134cdd43414585e5401e61fecc7b4ebbc8358f8c6f50d07ea746695ce261654d8bd69eb1e6f575b159f9aa5367c08b003142188dc039
Score10/10-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-