Extracted

• • Target

    cubrodriver.exe

  • Size

    1.7MB

  • MD5

    190272ebd2e82a80b242b1bdd442b859

  • SHA1

    fceb12a205c28c30b2049c55924a9872a1a3eb71

  • SHA256

    c13d59dc2e8ee1cbdb8016de0fb3b374f827406fa5d2d1aa4a2820170816d131

  • SHA512

    f3b30d8ea2dd2c451a042b4ed7a9e98d2bcfbb86a88bec2d672a3e1ae6ab3932daf8987eef872e6adb11144f92b9954ac6f6ce67e24a2bc391d7b34ebef876ae

  • SSDEEP

    49152:Kq8Z+aOhmX72hf7OqockKkGYR7SGmUNmzKZg:yAaEhhyJcjkdNmeZg

  Score

  10^/10

  systembcdefense_evasiondiscoverytrojan

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Systembc family

    systembc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2