General
-
Target
fc67f616c652c250ffb7a6acd161f64cad63be69cb18d9d3b97456c3e5029dbb
-
Size
2.1MB
-
Sample
221209-117xcahd3t
-
MD5
7ccb778b845c8a49f4a8487482b1dc2c
-
SHA1
a30c90788d077df053fb0162d9e728a21a898bdb
-
SHA256
fc67f616c652c250ffb7a6acd161f64cad63be69cb18d9d3b97456c3e5029dbb
-
SHA512
98e300b23cf5c66a6828677bbc12752c1029bcb8a7de46a9af2d1e10304acbb26a2abdaa66d04953e450375018b69bdeb202d04d28b156107acb04af2f357099
-
SSDEEP
49152:YquirGYBpq99AqkfX/NV/ET9/coPusXh3:sSpq99puPScUusR
Malware Config
Extracted
systembc
slavelever.info:4248
slavelevereoewl.info:4248
Targets
-
-
Target
fc67f616c652c250ffb7a6acd161f64cad63be69cb18d9d3b97456c3e5029dbb
-
Size
2.1MB
-
MD5
7ccb778b845c8a49f4a8487482b1dc2c
-
SHA1
a30c90788d077df053fb0162d9e728a21a898bdb
-
SHA256
fc67f616c652c250ffb7a6acd161f64cad63be69cb18d9d3b97456c3e5029dbb
-
SHA512
98e300b23cf5c66a6828677bbc12752c1029bcb8a7de46a9af2d1e10304acbb26a2abdaa66d04953e450375018b69bdeb202d04d28b156107acb04af2f357099
-
SSDEEP
49152:YquirGYBpq99AqkfX/NV/ET9/coPusXh3:sSpq99puPScUusR
Score10/10-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-