General
Target: edc_systembc.zip
Size: 27.3MB
Sample: 210713-cblv4e9t5x
MD5: a63e373b7d353b3f4780e2f32616bd41
SHA1: 82d7e0fb737b285a25b34ea14dede242d1d0e1e9
SHA256: 3cafa584500cacaedd9f29771969bab7f499b47d1912cfcc03fc58cf662ee545
SHA512: 26bf6b68233622123fe995121f9bc36286c04be34cef6fa5a8fda89fd226649c0f60384e5242225b855c1074fa7f764b70754718407b0c7a8532225818c1db06
Static task: static1
Behavioral task: behavioral1 | Sample: dll/socks32.dll | Resource: win7v20210410
Behavioral task: behavioral2 | Sample: dll/socks32.dll | Resource: win10v20210408
Behavioral task: behavioral3 | Sample: dll/socks64.dll | Resource: win7v20210410
Behavioral task: behavioral4 | Sample: dll/socks64.dll | Resource: win10v20210410
Behavioral task: behavioral5 | Sample: server.exe | Resource: win7v20210408
Behavioral task: behavioral6 | Sample: server.exe | Resource: win10v20210410
Behavioral task: behavioral7 | Sample: server.out | Resource: ubuntu-amd64
Behavioral task: behavioral8 | Sample: server.out | Resource: debian9-mipsel
Behavioral task: behavioral9 | Sample: server.out | Resource: debian9-mipsbe
Behavioral task: behavioral10 | Sample: socks.exe | Resource: win7v20210408
Behavioral task: behavioral11 | Sample: socks.exe | Resource: win10v20210408
Behavioral task: behavioral12 | Sample: www/systembc/geoip/geoip2.phar.js | Resource: win7v20210408
Behavioral task: behavioral13 | Sample: www/systembc/geoip/geoip2.phar.js | Resource: win10v20210410
Behavioral task: behavioral14 | Sample: www/systembc/index.html | Resource: win7v20210408
Behavioral task: behavioral15 | Sample: www/systembc/index.html | Resource: win10v20210410
Behavioral task: behavioral16 | Sample: www/systembc/password.php.js | Resource: win7v20210408
Behavioral task: behavioral17 | Sample: www/systembc/password.php.js | Resource: win10v20210410
Malware Config
Extracted
systembc
88.198.147.80:4174
78.47.64.46:4174
Targets
Target: dll/socks32.dll
Size: 13KB
MD5: 65c17c463e5b6aa86563ddc2d1cc7d94
SHA1: 5d2de9c471fccac50d001ba2ccc9904545b712fd
SHA256: 683e6f42222caf44fdc3917be95d55a3f2213c5e3f966e33996ecd1f0743197f
SHA512: b31577aee0c3f40167f9956d09ba9090cc75ac037712daf73528896f067cebdcc5e9bd7be92992ea7169750d4363d572ca87a7a692dcbf0292348c900a09efb8
Score: 8/10
Blocklisted process makes network request
Target: dll/socks64.dll
Size: 18KB
MD5: 88e8b1ea31a0962bd6ab459354781771
SHA1: 6e74586613d381c21f3b72c7a381ebdbcb922ce2
SHA256: 1956e3f16a36bff603caea89fd7a949759167ce47e5a0f7bf0a91696572752a2
SHA512: 9e94c86698cc23e209b53c278a7d699211c6cd6a3f523e38582254304793a52d71726b4649af56835fd6a74616ec990898674a4170db594a6bc40885723aecc2
Score: 8/10
Blocklisted process makes network request
Target: server.exe
Size: 22KB
MD5: 9d1530077f1194a165543259ad9a92e4
SHA1: 2733bf71fb53d46d39a2bb870843e8706c8256bb
SHA256: ac2daf52daf244d7a7a41506422200b1fb352edf54ee32111ba90d6342ce0047
SHA512: d8fe3243067c3061333950a697c510b805f59448073c68d8a5eb1a954ca499336507b1d1950e3ac78132cf10a52c1cc7a38b003476d694dc0d0846f85abd1346
Score: 8/10
Executes dropped EXE
Modifies Windows Firewall
Loads dropped DLL
Target: server.out
Size: 13KB
MD5: b414e6ef09279f1bfaf3530387582853
SHA1: 94c5ba3555c733801dc41e1937e778f93ef898d4
SHA256: 967c536d9026d5a33becf7db1f6e603e7c0445108f3091cfc7d99d12b6a503bb
SHA512: 3456235188e81aafb3756a07c7253d4c2c05feb56c5a216090ad77af77adb964efc5ba9e1bde2b1c80293800815d4a556c403d13639ac62ad4169657d55ff4be
Score: 1/10
Target: socks.exe
Size: 13KB
MD5: fca6b8e7be21756ad15b863efe86d4f4
SHA1: 787885416d0f6a09f7691e9703fa6f9cceba45b3
SHA256: 1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a
SHA512: 105b18a82c07bb4d162e507a34a16edda164dedf44b97dba90100927bae4ad48bd6762c220285bc7a25c01620fccbba7cc0eb2992d26aa210bb7bd3320e1152a
Score: 4/10
Target: www/systembc/geoip/geoip2.phar
Size: 347KB
MD5: 71d14334860b780ee91902ea71d7518a
SHA1: 7316e1354447c369fd991d5a7db6b923f3c886f0
SHA256: 7f7a6ba15f126642ea88c6cf9354f561f6fb86948dd713ac3d8af5d169d25128
SHA512: bb42ebf6e9203175cc2cc3aaa6d20b0fbe56d1dfa0545513dc55c4efd8876514b0a22d7289cebd7cc36319342eed061df801efd391e5e85bcbc9dbc0ff4dc319
Score: 1/10
Target: www/systembc/index.html
Size: 16B
MD5: f5a101e1a581bd03a5709b5c36f4c9c5
SHA1: 86548e7c6168d3d05819da7b4c4c94547bea43b5
SHA256: a14b2375d7042a76207b40292ea3b5dec759b9908c566d5701493e1e6b381242
SHA512: df6337bd65e4e4a01c256d55eb4cb11576e5b1da2c729c8b251a2f4752fb3128aa91667d58b938aec334651ea30b420a90459214f05cc70b8cda6b6d67564e9a
Score: 1/10
Target: www/systembc/password.php
Size: 27KB
MD5: 69cff8bf272da7b927934d63cd377bcf
SHA1: 5a5d507a5ec1c850967b7f241764a17a7f09f000
SHA256: e935367d507d258d06fbf1d1b58b4c9e30fd3a1db72e781a4668915dc05f92d1
SHA512: 34c647febbf090416aba0b80964605f7cfea9742e3f38eac8f51cf746af99f5a7add04323ae57c257e39b8a552e06e62bae925bbcddab3eab1f0a7875b126a34
Score: 1/10