Extracted

• • Target

    inputexp.exe

  • Size

    1.6MB

  • MD5

    c3069d373ad7ad584a38a1f8d192d795

  • SHA1

    7622f9ba0222571b132b8cf4170cfbe9ef6c84e5

  • SHA256

    7d6c86e5760cce346c1da56d5be37325370a33166077af261078aa7d32fdee78

  • SHA512

    26dd481a8febddf3eafd7aab249c55440a1106b4250cc296aa0eea383973c7797757235ab3c69c0763361b23f612ffda3a926bab7ddacae777f0c9357682def8

  • SSDEEP

    49152:D69hioTji28jbgm0K9qW8y9vPw3NeGlXKnnzYFplO6Kqe:D6PTTjzUPPZPqNpak5K

  Score

  10^/10

  systembcdefense_evasiondiscoverytrojan

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Systembc family

    systembc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1