General

  • Target

    kzTq7Bt.exe

  • Size

    1.7MB

  • Sample

    250215-t52gsstqex

  • MD5

    35be87c37074612e552d655637c59a0f

  • SHA1

    d97b62245300b82004df138404e1863f7923de5c

  • SHA256

    d98d8488c405182e03c95b78692ca0bab65ade4838042aae4b3f0de662495ed3

  • SHA512

    7c5862ce057d1b38c3ea836f78585efb4c6c914aea1ac5e2ac757525d33f092a3e4f76c7ae7433df3d4995d3bbe6fe99728653123dbcf5bcb1f8d20badab34fa

  • SSDEEP

    49152:82DaBnPGGeftb0jn+yMVR6n9rMZzpornZoV:8LBP9ef9xrR6n9Ezpoq

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes
  • dns

    5.132.191.104

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Systembc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks