General
-
Target
688d65ac7f7320069527a498d55ef4ba.exe
-
Size
1.6MB
-
Sample
230112-sflvdacb3t
-
MD5
688d65ac7f7320069527a498d55ef4ba
-
SHA1
e1f2ef3e5f79d96112b127507be0ecf68d053dfe
-
SHA256
bb85e49014f9b6f09e73f32fe5a695549b6b3bf4656cb0041bde68e66f25f54d
-
SHA512
bb77d183f5a7b2d07631f79ecf04d4d7ee76e09057ca282df42090b042bf15afacc172cff28d3835c0d63a012f50e22d5eebd48b3ffa17b5cac3ed67abe16092
-
SSDEEP
24576:g+rjlPyhYziEkqwiX0tDSS1nTa8EjP4OS5lC6faMJLCK8Tmm8qXjUwUk0mW6C:NVPyCzidqwqxO5xL9tmPow9TWb
Malware Config
Extracted
systembc
31.41.244.235:4440
Targets
-
-
Target
688d65ac7f7320069527a498d55ef4ba.exe
-
Size
1.6MB
-
MD5
688d65ac7f7320069527a498d55ef4ba
-
SHA1
e1f2ef3e5f79d96112b127507be0ecf68d053dfe
-
SHA256
bb85e49014f9b6f09e73f32fe5a695549b6b3bf4656cb0041bde68e66f25f54d
-
SHA512
bb77d183f5a7b2d07631f79ecf04d4d7ee76e09057ca282df42090b042bf15afacc172cff28d3835c0d63a012f50e22d5eebd48b3ffa17b5cac3ed67abe16092
-
SSDEEP
24576:g+rjlPyhYziEkqwiX0tDSS1nTa8EjP4OS5lC6faMJLCK8Tmm8qXjUwUk0mW6C:NVPyCzidqwqxO5xL9tmPow9TWb
Score10/10-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-