systembc | 2beeb1e24561fd6ed03890da0afa68e0120776b815f5c60350e06e1d54562f9e | Triage

Submit
Reports

Overview

overview

Static

static

7

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

2beeb1e24561fd6ed03890da0afa68e0120776b815f5c60350e06e1d54562f9e
Size

6.0MB
Sample

230730-ffed3sgb25
MD5

0c35071344e18b340cccf9a625a9cdb5
SHA1

08ec02759debfdacab772f76451153eaeaa9ddc7
SHA256

2beeb1e24561fd6ed03890da0afa68e0120776b815f5c60350e06e1d54562f9e
SHA512

a79862aedfc6432d3888280886935ce4efe6c358ea717ebd516e657aa35a78df9f3de9675d8cc3d5669e76d2382de0d984befa6b765683a28e6dbc68d40043ce
SSDEEP

98304:7nUY8k4GVWPxRi1ENvbSMOHcgMaWMJSSqyjbngSnVhSeL62f5x3vHDgW:JR4PxKADLO8gMapJTqJSn3WS5x3vH8W

Score

10^/10

systembc trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2beeb1e24561fd6ed03890da0afa68e0120776b815f5c60350e06e1d54562f9e.dll

Resource

win7-20230712-en

systembc trojan vmprotect

windows7-x64

4 signatures

300 seconds

Behavioral task

behavioral2

Sample

2beeb1e24561fd6ed03890da0afa68e0120776b815f5c60350e06e1d54562f9e.dll

Resource

win10-20230703-en

systembc trojan vmprotect

windows10-1703-x64

4 signatures

300 seconds

Malware Config

Extracted

Family

systembc

C2

5.42.65.67:4298

localhost.exchange:4298

Targets

- Target
  
  2beeb1e24561fd6ed03890da0afa68e0120776b815f5c60350e06e1d54562f9e
- Size
  
  6.0MB
- MD5
  
  0c35071344e18b340cccf9a625a9cdb5
- SHA1
  
  08ec02759debfdacab772f76451153eaeaa9ddc7
- SHA256
  
  2beeb1e24561fd6ed03890da0afa68e0120776b815f5c60350e06e1d54562f9e
- SHA512
  
  a79862aedfc6432d3888280886935ce4efe6c358ea717ebd516e657aa35a78df9f3de9675d8cc3d5669e76d2382de0d984befa6b765683a28e6dbc68d40043ce
- SSDEEP
  
  98304:7nUY8k4GVWPxRi1ENvbSMOHcgMaWMJSSqyjbngSnVhSeL62f5x3vHDgW:JR4PxKADLO8gMapJTqJSn3WS5x3vH8W
Score

10^/10

systembc trojan vmprotect
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

systembctrojanvmprotect

behavioral2

systembctrojanvmprotect

© 2018-2024

Terms | Privacy