General

  • Target

    688d65ac7f7320069527a498d55ef4ba.exe

  • Size

    1.6MB

  • Sample

    230112-sflvdacb3t

  • MD5

    688d65ac7f7320069527a498d55ef4ba

  • SHA1

    e1f2ef3e5f79d96112b127507be0ecf68d053dfe

  • SHA256

    bb85e49014f9b6f09e73f32fe5a695549b6b3bf4656cb0041bde68e66f25f54d

  • SHA512

    bb77d183f5a7b2d07631f79ecf04d4d7ee76e09057ca282df42090b042bf15afacc172cff28d3835c0d63a012f50e22d5eebd48b3ffa17b5cac3ed67abe16092

  • SSDEEP

    24576:g+rjlPyhYziEkqwiX0tDSS1nTa8EjP4OS5lC6faMJLCK8Tmm8qXjUwUk0mW6C:NVPyCzidqwqxO5xL9tmPow9TWb

Score
10/10

Malware Config

Extracted

Family

systembc

C2

31.41.244.235:4440

Targets

    • Target

      688d65ac7f7320069527a498d55ef4ba.exe


    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497): 2

  • Discovery

    Query Registry (T1012): 3

    Virtualization/Sandbox Evasion (T1497): 2

    System Information Discovery (T1082): 1

Tasks