General
-
Target
3aad6e79569fcc68f0b8530225e08743.exe
-
Size
2.2MB
-
Sample
230127-rbjc1sch61
-
MD5
3aad6e79569fcc68f0b8530225e08743
-
SHA1
e1247952bedea6d68c471b779d673167d5e1d774
-
SHA256
efb2b92a9ad40fb2d039fed04162ec421d3fd4bcd86adedbcb52d03ed5b742c1
-
SHA512
b30938d0210f9864f1165348f7bdbc1b6732687e8ee4a013b2c53f0ca0d212f8722cc8c6c4c187645f04d614cf2a21707869812c04ff551057f4d969141ab50d
-
SSDEEP
49152:Il8pLho6EEJZHFqdBiNz0ywwO++wddZHyo:8ULxEaHr0ywwO+RZHyo
Malware Config
Extracted
systembc
cryptotab.me:4001
Targets
-
-
Target
3aad6e79569fcc68f0b8530225e08743.exe
-
Size
2.2MB
-
MD5
3aad6e79569fcc68f0b8530225e08743
-
SHA1
e1247952bedea6d68c471b779d673167d5e1d774
-
SHA256
efb2b92a9ad40fb2d039fed04162ec421d3fd4bcd86adedbcb52d03ed5b742c1
-
SHA512
b30938d0210f9864f1165348f7bdbc1b6732687e8ee4a013b2c53f0ca0d212f8722cc8c6c4c187645f04d614cf2a21707869812c04ff551057f4d969141ab50d
-
SSDEEP
49152:Il8pLho6EEJZHFqdBiNz0ywwO++wddZHyo:8ULxEaHr0ywwO+RZHyo
Score10/10-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-