systembc | ba137558e3d88cd6d9bb8b5d06662b6de3c878fcbec37cac07a617538df045de | Triage

Submit
Reports

Overview

overview

Static

static

7

ba137558e3...de.exe

windows7-x64

ba137558e3...de.exe

windows10-2004-x64

Resubmissions

22-11-2022 06:53

221122-hnvgdagf3v 10

22-11-2022 05:33

221122-f8tpgabe75 10

Sharing

General

Target

ba137558e3d88cd6d9bb8b5d06662b6de3c878fcbec37cac07a617538df045de
Size

799.1MB
Sample

221122-hnvgdagf3v
MD5

c92f10574719f64de71f15142e927922
SHA1

bc1c5d3a8481f8fda448c55d821da9b2f55fed66
SHA256

ba137558e3d88cd6d9bb8b5d06662b6de3c878fcbec37cac07a617538df045de
SHA512

b0a51feeb6053602eb56a354b25e1ef7d39856e1daa648a8186546476b7f67358c4c40978035fbf246df00323587cfc309506a60a1e5354a86ac6f8c81db87d6
SSDEEP

98304:NjtiC2lkD5L18CJVE0CGTtHdxpXP3UDSMOKS6gqiLZFIfbdSK3m:VtP58CrZf3iVrS6gqCZFcxD2

Score

10^/10

systembc evasion persistence themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ba137558e3d88cd6d9bb8b5d06662b6de3c878fcbec37cac07a617538df045de.exe

Resource

win7-20220812-en

systembc evasion persistence themida trojan

windows7-x64

14 signatures

1800 seconds

Behavioral task

behavioral2

Sample

ba137558e3d88cd6d9bb8b5d06662b6de3c878fcbec37cac07a617538df045de.exe

Resource

win10v2004-20220812-en

systembc evasion persistence themida trojan

windows10-2004-x64

14 signatures

1800 seconds

Malware Config

Extracted

Family

systembc

C2

212.8.244.5:4001

192.168.1.149:4001

Targets

- Target
  
  ba137558e3d88cd6d9bb8b5d06662b6de3c878fcbec37cac07a617538df045de
- Size
  
  799.1MB
- MD5
  
  c92f10574719f64de71f15142e927922
- SHA1
  
  bc1c5d3a8481f8fda448c55d821da9b2f55fed66
- SHA256
  
  ba137558e3d88cd6d9bb8b5d06662b6de3c878fcbec37cac07a617538df045de
- SHA512
  
  b0a51feeb6053602eb56a354b25e1ef7d39856e1daa648a8186546476b7f67358c4c40978035fbf246df00323587cfc309506a60a1e5354a86ac6f8c81db87d6
- SSDEEP
  
  98304:NjtiC2lkD5L18CJVE0CGTtHdxpXP3UDSMOKS6gqiLZFIfbdSK3m:VtP58CrZf3iVrS6gqCZFcxD2
Score

10^/10

systembc evasion persistence themida trojan
- Modifies WinLogon for persistence
  persistence
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcevasionpersistencethemidatrojan

behavioral2

systembcevasionpersistencethemidatrojan

© 2018-2024

Terms | Privacy