General

  • Target

    new64.dll

  • Size

    3.7MB

  • Sample

    230701-keh34ahe5v

  • MD5

    0168ca4a89a13c8b48f97edcd8c32165

  • SHA1

    8f7c8396abe6dc8cf3d96dcefdcb208bebdc2852

  • SHA256

    10f2b39f63da35827e667f29e2b69524079e06e454160dee4c28636fffcce199

  • SHA512

    c6e273f86f177d8b6b45de6b1969e8e88a708a1f86dc318f870cf6c011fd275503aeba5ab8e37dda85a407449c2ca0921bc9b3b586ab43f8afda946f481119ed

  • SSDEEP

    49152:jjjH4ZOXhVNeJBCDRTJ+j6ErUCBOU9EUSqVLsGC8egyQVTlFvqCBfZKQO9NPe5Ie:l8BcNYjnJLnC8egyQVPNZwL

Malware Config

Extracted

Family

systembc

C2

5.42.65.67:4298

localhost.exchange:4298
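
The two C2 entries above are the actionable indicators in this report. The following is an added example, not part of the sandbox output, that matches them against connection log lines. The IP, domain and port are taken from the report; the log line format, the constructed sample lines and the helper names (`parse_line`, `classify`, `scan`) are assumptions for the example, so adapt `LINE_RE` to the real source (Zeek conn.log, firewall or proxy logs).

```python
"""Added example: match the SystemBC C2 indicators (from the report above)
against connection log lines. The port alone (4298) is a weak indicator, so
hits are graded: IP or domain match => high, port-only match => low."""
import re
from typing import List, Optional, Tuple

# Indicators extracted in the report.
C2_IPS = {"5.42.65.67"}
C2_DOMAINS = {"localhost.exchange"}
C2_PORTS = {4298}

# Constructed sample log, shape "ts src dst:port [hostname]" (not a real log).
SAMPLE_LOG = """\
2023-07-01T10:00:01Z 10.0.0.5 5.42.65.67:4298
2023-07-01T10:00:02Z 10.0.0.5 93.184.216.34:443 example.com
2023-07-01T10:00:03Z 10.0.0.7 172.16.0.9:4298
2023-07-01T10:00:04Z 10.0.0.5 5.42.65.67:8080
2023-07-01T10:00:05Z 10.0.0.9 198.51.100.20:4298 localhost.exchange
"""

# Assumed log line layout; replace for a real source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[^:\s]+):(?P<port>\d+)(?:\s+(?P<host>\S+))?$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a record, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def classify(rec: dict) -> Tuple[str, List[str]]:
    """Return (severity, reasons) for a record: 'none', 'low' or 'high'."""
    reasons: List[str] = []
    if rec["dst"] in C2_IPS:
        reasons.append("c2_ip")
    host = (rec.get("host") or "").lower().rstrip(".")
    if host in C2_DOMAINS or any(host.endswith("." + d) for d in C2_DOMAINS):
        reasons.append("c2_domain")
    if rec["port"] in C2_PORTS:
        reasons.append("c2_port")
    if not reasons:
        return "none", reasons
    # IP or domain is a strong match; the bare port is only worth a low-severity note.
    severity = "high" if ("c2_ip" in reasons or "c2_domain" in reasons) else "low"
    return severity, reasons


def scan(log_text: str) -> List[dict]:
    """Scan a log and return every record that touches a C2 indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        severity, reasons = classify(rec)
        if severity != "none":
            hits.append({**rec, "severity": severity, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(h["ts"], h["src"], "->", f'{h["dst"]}:{h["port"]}', h["severity"], h["reasons"])
```

Port-only hits are kept but marked low so an analyst can pivot on them without the rule itself paging on every unrelated service that happens to listen on 4298.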

Targets

    • Target

      new64.dll

    • SystemBC

      SystemBC is a SOCKS5 proxy and remote administration tool first seen in 2019.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
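
Three of the signatures above (VirtualBox ACPI values, BIOS information, UAC state) are plain registry reads, which makes them easy to replay against a sandbox image before detonating a sample. The following is an added example, not part of the report or of the sample, that evaluates those checks over a snapshot of registry values. The report does not say which keys the sample reads; the paths and hypervisor marker strings below are the ones commonly used for these checks (as in pafish and al-khaser) and are an assumption, as are the two constructed snapshots and the `evaluate` helper.

```python
"""Added example: replay registry-based anti-VM / anti-sandbox / UAC checks
against a registry snapshot. Key paths and marker strings are assumed
(commonly used values), not extracted from the sample in the report."""
from typing import Dict, List, Optional, Tuple, Union

RegValue = Union[str, int, List[str]]  # REG_SZ, REG_DWORD, REG_MULTI_SZ

# Mere existence of these keys reveals a VirtualBox guest (assumed paths).
VBOX_ACPI_KEYS = [
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
]

# BIOS values whose contents are searched for hypervisor strings (assumed paths).
BIOS_VALUES = [
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
]
VM_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU",
              "BOCHS", "XEN", "PARALLELS", "VIRTUAL")

# UAC switch (assumed path); 1 = enabled.
UAC_VALUE = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"


def _as_text(value: RegValue) -> str:
    """Flatten REG_MULTI_SZ lists so they can be searched like strings."""
    return " ".join(value) if isinstance(value, list) else str(value)


def evaluate(snapshot: Dict[str, RegValue]) -> dict:
    """Run the three checks over a case-insensitive registry snapshot."""
    reg = {k.lower(): v for k, v in snapshot.items()}

    vbox_acpi = [k for k in VBOX_ACPI_KEYS if k.lower() in reg]

    bios_markers: List[Tuple[str, str]] = []
    for path in BIOS_VALUES:
        value = reg.get(path.lower())
        if value is None:
            continue
        text = _as_text(value).upper()
        for marker in VM_MARKERS:
            if marker in text:
                bios_markers.append((path, marker))
                break

    uac = reg.get(UAC_VALUE.lower())
    uac_enabled: Optional[bool] = None if uac is None else bool(int(uac))

    return {
        "vbox_acpi": vbox_acpi,
        "bios_markers": bios_markers,
        "uac_enabled": uac_enabled,
        "looks_like_vm": bool(vbox_acpi or bios_markers),
    }


# Constructed snapshot: a stock VirtualBox guest, which trips every check.
VBOX_GUEST: Dict[str, RegValue] = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": "",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": "",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__": "",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": ["VBOX   - 1"],
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion": ["Oracle VM VirtualBox Version 7.0 VBE Adapter"],
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": "innotek GmbH",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName": "VirtualBox",
    UAC_VALUE: 1,
}

# Constructed snapshot: the same guest after the ACPI tables were renamed and the
# BIOS strings replaced with vendor-looking values.
HARDENED_GUEST: Dict[str, RegValue] = {
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": ["DELL   - 1072009", "1.4.2"],
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion": ["Hardware Version 0.0"],
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": "Dell Inc.",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName": "OptiPlex 7090",
    UAC_VALUE: 1,
}

if __name__ == "__main__":
    for name, snap in (("vbox", VBOX_GUEST), ("hardened", HARDENED_GUEST)):
        print(name, evaluate(snap))
```

On a live Windows host the snapshot would be built with `winreg` reads of the same paths; the evaluation logic does not change. Note that the `NtSetInformationThreadHideFromDebugger` signature is a different class of check (a thread attribute, not a registry read) and is not covered by this replay.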

MITRE ATT&CK Enterprise v6

Tasks