Overview

overview

10

Static

static

3

c539384c00...a8.exe

windows7-x64

10

c539384c00...a8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c539384c0034cc40b226df8cf1354eb264c0e48e722fdd44205ce6783122dba8.exe

  • Size

    1.7MB

  • Sample

    250208-e13rqsvnhv

  • MD5

    e2df3d65784e6202d297bec31d1dfaa1

  • SHA1

    a74be156066f49f56bd5835e35210591b7010634

  • SHA256

    c539384c0034cc40b226df8cf1354eb264c0e48e722fdd44205ce6783122dba8

  • SHA512

    3e311421b7bd8db2ed11fa3bd6406d96a6506b96c54dcf8ab0ea5b95d208dbb124e3372a7be39e42f25f2c2cf59a35888d489c2a107377b831c470bde8f35dfc

  • SSDEEP

    49152:BGZgyO3gUhNuZ+gw5N2W4FCcDK5juYWwb4EOpRpOm:Qw3gCNTph4rwq+

Score
10/10
systembcdefense_evasiondiscoverytrojan

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.frontier.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    zqKx1XwL

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.nifty.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    mariko0358

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mx.gcdetectivefree.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    parola12

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.netzero.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    toshiba

Extracted

Credentials

Targets

    • Target

      c539384c0034cc40b226df8cf1354eb264c0e48e722fdd44205ce6783122dba8.exe

    • Size

      1.7MB

    • MD5

      e2df3d65784e6202d297bec31d1dfaa1

    • SHA1

      a74be156066f49f56bd5835e35210591b7010634

    • SHA256

      c539384c0034cc40b226df8cf1354eb264c0e48e722fdd44205ce6783122dba8

    • SHA512

      3e311421b7bd8db2ed11fa3bd6406d96a6506b96c54dcf8ab0ea5b95d208dbb124e3372a7be39e42f25f2c2cf59a35888d489c2a107377b831c470bde8f35dfc

    • SSDEEP

      49152:BGZgyO3gUhNuZ+gw5N2W4FCcDK5juYWwb4EOpRpOm:Qw3gCNTph4rwq+

    Score
    10/10
    systembcdefense_evasiondiscoverytrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Systembc family

      systembc

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      defense_evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks