Extracted

Extracted

Extracted

• • Target

    52de774870c7ada6eed786f6d24840d1a59f7665d5b90c5029522ca35243623cN.exe

  • Size

    1.6MB

  • MD5

    0e577b56933e1ca5c34d2332a5c60a00

  • SHA1

    9a16911a231aa1d88ed89869b4a705c3023225d4

  • SHA256

    52de774870c7ada6eed786f6d24840d1a59f7665d5b90c5029522ca35243623c

  • SHA512

    15b4f4910a90678c52b0790fe0a47017240dc70764c060e99a842b16b0f0230267467b0380a9ddf039de78e2c7b95db8d9d88ba67ac736975850ab00ebea6d81

  • SSDEEP

    24576:EeuPfbQTsLQvDFzqllx+/IAFAeuoRq6DJ/CoT+scEcz4OBl0p/EJUhe7DdwIHXZI:DtOgdquInmfdCqjcG00pces7DfHX

  Score

  10^/10

  systembcdefense_evasiondiscoverytrojan

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Systembc family

    systembc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Downloads MZ/PE file

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2