Overview

overview

10

Static

static

7

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bbd8b41c49eaee839da5fc62c999761efb835e7eb84f73cbf531cf0dd40c608b

  • Size

    8.2MB

  • Sample

    221005-edljyadcc5

  • MD5

    23150d8faa66ce23299e2c032b8fd62f

  • SHA1

    26c7c604d01f784931a3a95f1efeb56bfe1aec69

  • SHA256

    bbd8b41c49eaee839da5fc62c999761efb835e7eb84f73cbf531cf0dd40c608b

  • SHA512

    17ae25cce526a5eb11202cc779f5d62fc45b14a4d547e2eb88694dc21c83fdb853731adfd7cb47fb3499f140ddedf61175415504a0c93cb2ed3b3f25e989f5e7

  • SSDEEP

    196608:JzxikPsLoM1ZPdUYcoV1alsmMzU5tReoS+P6n:JzIkP7M1ZP64alnB5t5SF

Score
10/10
systembcevasionthemidatrojan

Malware Config

Extracted

Family

systembc

C2

89.22.225.242:4193

195.2.93.22:4193

Targets

    • Target

      bbd8b41c49eaee839da5fc62c999761efb835e7eb84f73cbf531cf0dd40c608b

    • Size

      8.2MB

    • MD5

      23150d8faa66ce23299e2c032b8fd62f

    • SHA1

      26c7c604d01f784931a3a95f1efeb56bfe1aec69

    • SHA256

      bbd8b41c49eaee839da5fc62c999761efb835e7eb84f73cbf531cf0dd40c608b

    • SHA512

      17ae25cce526a5eb11202cc779f5d62fc45b14a4d547e2eb88694dc21c83fdb853731adfd7cb47fb3499f140ddedf61175415504a0c93cb2ed3b3f25e989f5e7

    • SSDEEP

      196608:JzxikPsLoM1ZPdUYcoV1alsmMzU5tReoS+P6n:JzIkP7M1ZP64alnB5t5SF

    Score
    10/10
    systembcevasionthemidatrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

3
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks