systembc | 3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945 | Triage

Submit
Reports

Overview

overview

Static

static

7

3a48bb3fcd...45.exe

windows7-x64

9

3a48bb3fcd...45.exe

windows10-2004-x64

Sharing

General

Target

3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945
Size

684.8MB
Sample

241221-tzwdlasqgv
MD5

cffbeaff6728b94b1157790a0da8c0e0
SHA1

f739e01d798ee1f1c8802daf661fe22a2dc6cb85
SHA256

3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945
SHA512

afdcc11c9fff4cca1d14d326d4728b3032617b62c2b9ad788b2e78383831cc0240ce0bf428b43e17ef0cb222ccacc99f58ab8b1e9c77804bcaf9bc0033375b76
SSDEEP

98304:G9J/BDT4RZr3mc9UUxFKzxx+SjEnodrlW3hvIroVj0Rdfay6cysWtrW4L:e/9Y3n9UiFe+SWodrlW3HVURp7Wtas

Score

10^/10

systembc evasion persistence themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945.exe

Resource

win7-20240729-en

evasion themida trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945.exe

Resource

win10v2004-20241007-en

systembc evasion persistence themida trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

178.20.44.196:4127

192.168.1.149:4127

Targets

- Target
  
  3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945
- Size
  
  684.8MB
- MD5
  
  cffbeaff6728b94b1157790a0da8c0e0
- SHA1
  
  f739e01d798ee1f1c8802daf661fe22a2dc6cb85
- SHA256
  
  3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945
- SHA512
  
  afdcc11c9fff4cca1d14d326d4728b3032617b62c2b9ad788b2e78383831cc0240ce0bf428b43e17ef0cb222ccacc99f58ab8b1e9c77804bcaf9bc0033375b76
- SSDEEP
  
  98304:G9J/BDT4RZr3mc9UUxFKzxx+SjEnodrlW3hvIroVj0Rdfay6cysWtrW4L:e/9Y3n9UiFe+SWodrlW3HVURp7Wtas
Score

10^/10

evasion themida trojan systembc persistence
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

systembcevasionpersistencethemidatrojan

© 2018-2024

Terms | Privacy