Extracted

• • Target

    dcb373f73cc5e29881b6c97f753da1db91becee01b5eade03b0fd217d10b4e7d.exe

  • Size

    1.6MB

  • MD5

    8c767708c9a9554c0afb504629e75ffd

  • SHA1

    c65394806c0f77af880c7ff8a021bd4222ca3f11

  • SHA256

    dcb373f73cc5e29881b6c97f753da1db91becee01b5eade03b0fd217d10b4e7d

  • SHA512

    f9531159b45f92db319f351ebf4dadf9ba3c413e87da401a0af81d25a446084ed30dee670462292b989e1c9b0074a3c2ae76bb8a1d992e4407f72360303b4e16

  • SSDEEP

    49152:R1aqCQ3KKia9icS8P80nPIIXQocVHmir6QmEGmNyRzs3Xn:R1aA37ia9iJ800QIXQocVHoEGV0

  Score

  10^/10

  systembcdefense_evasiondiscoverytrojan

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Systembc family

    systembc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2