General

  • Target: edc_systembc.zip
  • Size: 27.3MB
  • Sample: 210713-cblv4e9t5x
  • MD5: a63e373b7d353b3f4780e2f32616bd41
  • SHA1: 82d7e0fb737b285a25b34ea14dede242d1d0e1e9
  • SHA256: 3cafa584500cacaedd9f29771969bab7f499b47d1912cfcc03fc58cf662ee545
  • SHA512: 26bf6b68233622123fe995121f9bc36286c04be34cef6fa5a8fda89fd226649c0f60384e5242225b855c1074fa7f764b70754718407b0c7a8532225818c1db06

Score: 10/10

Malware Config

  Extracted

    • Family: systembc
    • C2:
        88.198.147.80:4174
        78.47.64.46:4174

Targets

    • Target: dll/socks32.dll
    • Size: 13KB
    • MD5: 65c17c463e5b6aa86563ddc2d1cc7d94
    • SHA1: 5d2de9c471fccac50d001ba2ccc9904545b712fd
    • SHA256: 683e6f42222caf44fdc3917be95d55a3f2213c5e3f966e33996ecd1f0743197f
    • SHA512: b31577aee0c3f40167f9956d09ba9090cc75ac037712daf73528896f067cebdcc5e9bd7be92992ea7169750d4363d572ca87a7a692dcbf0292348c900a09efb8
    • Score: 8/10
        • Blocklisted process makes network request

    • Target: dll/socks64.dll
    • Size: 18KB
    • MD5: 88e8b1ea31a0962bd6ab459354781771
    • SHA1: 6e74586613d381c21f3b72c7a381ebdbcb922ce2
    • SHA256: 1956e3f16a36bff603caea89fd7a949759167ce47e5a0f7bf0a91696572752a2
    • SHA512: 9e94c86698cc23e209b53c278a7d699211c6cd6a3f523e38582254304793a52d71726b4649af56835fd6a74616ec990898674a4170db594a6bc40885723aecc2
    • Score: 8/10
        • Blocklisted process makes network request

    • Target: server.exe
    • Size: 22KB
    • MD5: 9d1530077f1194a165543259ad9a92e4
    • SHA1: 2733bf71fb53d46d39a2bb870843e8706c8256bb
    • SHA256: ac2daf52daf244d7a7a41506422200b1fb352edf54ee32111ba90d6342ce0047
    • SHA512: d8fe3243067c3061333950a697c510b805f59448073c68d8a5eb1a954ca499336507b1d1950e3ac78132cf10a52c1cc7a38b003476d694dc0d0846f85abd1346
    • Score: 8/10
        • Executes dropped EXE
        • Modifies Windows Firewall
        • Loads dropped DLL

    • Target: server.out
    • Size: 13KB
    • MD5: b414e6ef09279f1bfaf3530387582853
    • SHA1: 94c5ba3555c733801dc41e1937e778f93ef898d4
    • SHA256: 967c536d9026d5a33becf7db1f6e603e7c0445108f3091cfc7d99d12b6a503bb
    • SHA512: 3456235188e81aafb3756a07c7253d4c2c05feb56c5a216090ad77af77adb964efc5ba9e1bde2b1c80293800815d4a556c403d13639ac62ad4169657d55ff4be
    • Score: 1/10

    • Target: socks.exe
    • Size: 13KB
    • MD5: fca6b8e7be21756ad15b863efe86d4f4
    • SHA1: 787885416d0f6a09f7691e9703fa6f9cceba45b3
    • SHA256: 1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a
    • SHA512: 105b18a82c07bb4d162e507a34a16edda164dedf44b97dba90100927bae4ad48bd6762c220285bc7a25c01620fccbba7cc0eb2992d26aa210bb7bd3320e1152a
    • Score: 4/10

    • Target: www/systembc/geoip/geoip2.phar
    • Size: 347KB
    • MD5: 71d14334860b780ee91902ea71d7518a
    • SHA1: 7316e1354447c369fd991d5a7db6b923f3c886f0
    • SHA256: 7f7a6ba15f126642ea88c6cf9354f561f6fb86948dd713ac3d8af5d169d25128
    • SHA512: bb42ebf6e9203175cc2cc3aaa6d20b0fbe56d1dfa0545513dc55c4efd8876514b0a22d7289cebd7cc36319342eed061df801efd391e5e85bcbc9dbc0ff4dc319
    • Score: 1/10

    • Target: www/systembc/index.html
    • Size: 16B
    • MD5: f5a101e1a581bd03a5709b5c36f4c9c5
    • SHA1: 86548e7c6168d3d05819da7b4c4c94547bea43b5
    • SHA256: a14b2375d7042a76207b40292ea3b5dec759b9908c566d5701493e1e6b381242
    • SHA512: df6337bd65e4e4a01c256d55eb4cb11576e5b1da2c729c8b251a2f4752fb3128aa91667d58b938aec334651ea30b420a90459214f05cc70b8cda6b6d67564e9a
    • Score: 1/10

    • Target: www/systembc/password.php
    • Size: 27KB
    • MD5: 69cff8bf272da7b927934d63cd377bcf
    • SHA1: 5a5d507a5ec1c850967b7f241764a17a7f09f000
    • SHA256: e935367d507d258d06fbf1d1b58b4c9e30fd3a1db72e781a4668915dc05f92d1
    • SHA512: 34c647febbf090416aba0b80964605f7cfea9742e3f38eac8f51cf746af99f5a7add04323ae57c257e39b8a552e06e62bae925bbcddab3eab1f0a7875b126a34
    • Score: 1/10
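The hashes and C2 endpoints above are the raw material for a hunt. The following Python script is an added example, not part of the sandbox report: it collects the SHA256 values of the dropped executables and the two extracted C2 endpoints from the sections above and checks them against a directory tree and against connection logs. The log column layout (Zeek-style conn.log fields), the sample log lines, and the files written into a temporary directory are constructed assumptions; adapt parse_conn_line() to your own telemetry format.

```python
"""Turn the indicators in this SystemBC report into a hunt script.

Added example (not part of the sandbox report). The SHA256 values and
C2 endpoints below are copied from the report above; the log format
(Zeek-style conn.log columns) and the sample files are constructed here
so the script runs offline.
"""
import hashlib
import os
import tempfile

# Dropped-file SHA256 -> name as listed in the report.
IOC_SHA256 = {
    "683e6f42222caf44fdc3917be95d55a3f2213c5e3f966e33996ecd1f0743197f": "dll/socks32.dll",
    "1956e3f16a36bff603caea89fd7a949759167ce47e5a0f7bf0a91696572752a2": "dll/socks64.dll",
    "ac2daf52daf244d7a7a41506422200b1fb352edf54ee32111ba90d6342ce0047": "server.exe",
    "1aef94e54c1af9a8d0c4fa4cbdc602c025a2b10a097e87184ceb89e124d26e6a": "socks.exe",
}

# Extracted C2 endpoints as (ip, port).
IOC_C2 = {("88.198.147.80", 4174), ("78.47.64.46", 4174)}
IOC_C2_IPS = {ip for ip, _ in IOC_C2}


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, iocs=IOC_SHA256):
    """Walk `root`; return sorted [(path, label)] for files whose SHA256 is in `iocs`.
    Unreadable files are skipped so one permission error does not abort the scan."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue
            if digest in iocs:
                hits.append((path, iocs[digest]))
    return sorted(hits)


def parse_conn_line(line):
    """Parse one constructed Zeek-style conn line:
    ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
    Returns a dict, or None for header, comment or malformed lines."""
    if not line.strip() or line.startswith("#"):
        return None
    f = line.split()
    if len(f) < 7:
        return None
    try:
        return {"ts": f[0], "src": f[2], "dst_ip": f[4],
                "dst_port": int(f[5]), "proto": f[6]}
    except ValueError:
        return None


def scan_conn_log(lines, ip_only=False):
    """Return connections to the report's C2s. By default an exact ip:port match
    is required; ip_only=True also flags other ports on the same hosts, which
    survives a port change at the cost of more false positives on shared hosts."""
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None:
            continue
        if (rec["dst_ip"], rec["dst_port"]) in IOC_C2 or \
                (ip_only and rec["dst_ip"] in IOC_C2_IPS):
            hits.append(rec)
    return hits


# Constructed sample log: two exact C2 hits, one same-IP/other-port connection,
# one unrelated HTTPS connection.
SAMPLE_CONN_LOG = """\
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
1626172800.1 CAbc1 10.0.0.15 49822 88.198.147.80 4174 tcp
1626172801.2 CAbc2 10.0.0.15 49823 142.250.74.36 443 tcp
1626172802.3 CAbc3 10.0.0.22 51000 78.47.64.46 4174 tcp
1626172803.4 CAbc4 10.0.0.22 51001 78.47.64.46 443 tcp
""".splitlines()


def demo_file_scan():
    """Exercise the hash scan on constructed files. The real dropped binaries are
    not available here, so a planted file's own SHA256 stands in as the IOC."""
    with tempfile.TemporaryDirectory() as root:
        planted = os.path.join(root, "bin", "socks.exe")
        os.makedirs(os.path.dirname(planted))
        with open(planted, "wb") as f:
            f.write(b"constructed stand-in for a dropped file\n")
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"benign\n")
        iocs = {sha256_file(planted): "socks.exe (stand-in)"}
        return [label for _, label in scan_tree(root, iocs)]


if __name__ == "__main__":
    for rec in scan_conn_log(SAMPLE_CONN_LOG):
        print("C2 connection:", rec)
    print("file hits:", demo_file_scan())
```

Hash indicators only match these exact builds, so the file scan is useful for confirming a known drop rather than for discovering a recompiled one; the network indicators are the more durable half of this report, and the ip_only switch exists because a C2 port is cheaper for an operator to rotate than a host.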

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                       Count  ID
  Persistence        Modify Existing Service         1      T1031
  Defense Evasion    Modify Registry                 1      T1112
  Discovery          System Information Discovery    1      T1082
