Extracted

• • Target

    d5ad3606c7d9d910c5c0ee34b4efef0a782473b71e1a1dde080bcbd66471cc78.exe

  • Size

    1.6MB

  • MD5

    7c96b541c87d7cb0e14085a5b40687b5

  • SHA1

    9db14d50fc3ef0abafe56d4529f1132b3aea2fdd

  • SHA256

    d5ad3606c7d9d910c5c0ee34b4efef0a782473b71e1a1dde080bcbd66471cc78

  • SHA512

    6f144dd107207e59e6af9239a906321c089aaaef292f0ff5a82176561b2943ac5ee3c4af8d37db473f05271a4984398a79ee6da249d611876431ab0ebe3c8790

  • SSDEEP

    24576:EeuPfbQTsLQvDFzqllx+/IAFAeuoRq6DJ/CoT+scEcz4OBl0p/EJUhe7DdwIHXZE:DtOgdquInmfdCqjcG00pces7DfHXC

  Score

  10^/10

  systembcdefense_evasiondiscoverytrojan

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Systembc family

    systembc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Downloads MZ/PE file

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2