Resubmissions
17-11-2022 22:16
221117-165n6sga59 10General
-
Target
14a3bcfe545de508cb00e55ed07bf88577f1f705ca6cdd15b733235f1d384729
-
Size
2.3MB
-
Sample
221117-165n6sga59
-
MD5
52cebc912107826689b12c7b60ec9a1e
-
SHA1
2d4c128f0b4e911f61ee6df3212d9d170be91ee7
-
SHA256
14a3bcfe545de508cb00e55ed07bf88577f1f705ca6cdd15b733235f1d384729
-
SHA512
eb74bfa7a9615d8e7c7369a2d1589aa6e5f212740b4af87ea52720203d955c458a2df4f01a7d1996502789f980177fc7dddc74c1aa8a49cbe76d5ced4fe32726
-
SSDEEP
49152:IZPe/2gMtgRKDIR38+QfTwnRp1HziKkS7M4c5:urqRONhTW/1HWKkSQp
Malware Config
Extracted
systembc
cryptotab.me:4001
Targets
-
-
Target
14a3bcfe545de508cb00e55ed07bf88577f1f705ca6cdd15b733235f1d384729
-
Size
2.3MB
-
MD5
52cebc912107826689b12c7b60ec9a1e
-
SHA1
2d4c128f0b4e911f61ee6df3212d9d170be91ee7
-
SHA256
14a3bcfe545de508cb00e55ed07bf88577f1f705ca6cdd15b733235f1d384729
-
SHA512
eb74bfa7a9615d8e7c7369a2d1589aa6e5f212740b4af87ea52720203d955c458a2df4f01a7d1996502789f980177fc7dddc74c1aa8a49cbe76d5ced4fe32726
-
SSDEEP
49152:IZPe/2gMtgRKDIR38+QfTwnRp1HziKkS7M4c5:urqRONhTW/1HWKkSQp
Score10/10-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-