Extracted

• • Target

    Opdxdyeul.exe

  • Size

    894KB

  • MD5

    cee58644e824d57927fe73be837b1418

  • SHA1

    698d1a11ab58852be004fd4668a6f25371621976

  • SHA256

    4235c78ffaf12c4e584666da54cfc5dc56412235f5a2d313dcac07d1314dd52e

  • SHA512

    ab9e9083ed107b5600f802ec66dab71f1064377749b6c874f8ce6e9ce5b2718a1dc45372b883943a8eae99378d1151ce15983d4c9be67d559cd72b28b9f55fb5

  • SSDEEP

    12288:etFDEnlFaqLcsjwwdbriOXrWh+7SmCHK4A04KJeYtS1dFXuehyFJ97wQjGuNafNJ:6q9ctmHiCpd4FJe0oeehyjPiuNv/L

  Score

  10^/10

  discoverypersistencesystembctrojan

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Systembc family

    systembc

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2