General

  • Target

    3735585ffb3ec5d0493b3e3e44323ecb9ef11c78f8ccda56e2d86c02a103f736

  • Size

    8.2MB

  • Sample

    221115-nmtrcadf68

  • MD5

    8aaa63d32bc201244a89f771d37c5523

  • SHA1

    9f0b6da7824c11e18bfc67fef016dc4c6d034c6e

  • SHA256

    3735585ffb3ec5d0493b3e3e44323ecb9ef11c78f8ccda56e2d86c02a103f736

  • SHA512

    d75ef26bff91d50fe959a86f20db7813bf8fd6e16ac7d9b17b22401eab29841b60f79bbdd472a1fd29aff7b2f8c8a186f6baf5f29225deb7f879cb76208eaf76

  • SSDEEP

    98304:0nf7Zg7kBIjYXCz76QOph+F7ccTDhUCuEw3YtVD8flWyK40uLlcKLh+5D:U0jrf6QOph+LsyTyKruJV0D

Malware Config

  • Extracted

    Family: systembc

    C2: 89.22.225.242:4193

    C2: 195.2.93.22:4193

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
