Malware Analysis Report

2025-06-15 21:58

Sample ID 221110-pgsgrsbfcr
Target 56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957
SHA256 56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957
Tags
systembc evasion trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957

Threat Level: Known bad

The file 56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957 was found to be: Known bad.

Malicious Activity Summary

systembc evasion trojan

SystemBC

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Identifies Wine through registry keys

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-11-10 12:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-11-10 12:18

Reported

2022-11-10 12:20

Platform

win10-20220901-en

Max time kernel

76s

Max time network

98s

Command Line

"C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe"

Signatures

SystemBC

trojan systembc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe | N/A

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe | N/A

Identifies Wine through registry keys

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Tasks\wow64.job | C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe | N/A
File created | C:\Windows\Tasks\wow64.job | C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe

"C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe"

C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe

C:\Users\Admin\AppData\Local\Temp\56ac1a8dc72d7a18f0af4f434e32479b14f67c3fe99c3bb23d38492e51412957.exe start

Network

Country | Destination | Domain | Proto
US | 20.42.73.24:443 | - | tcp
US | 8.8.8.8:53 | slavelever.info | udp
NL | 46.30.41.57:4248 | slavelever.info | tcp
US | 93.184.221.240:80 | - | tcp

Files
