Overview

overview

10

Static

static

1

socks.exe

windows7-x64

10

socks.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    socks

  • Size

    420KB

  • Sample

    230303-rehkwshb8z

  • MD5

    e85fa08c1ed20440363e2e44eced6299

  • SHA1

    e0867a371a5c6bfdf6bd84470b188f0817b4d23a

  • SHA256

    c1f5b88413bef3bc89aacd544847d5690fe17247b10d5922e59e4cbc6c37707e

  • SHA512

    73bc5a867c7b86f32257f43167c1816b9087a0fc6d70f1500194821abbdfcaddb4f79325e0b24837fabb9594284ff9bb7b180de5fc0264287a6345b146ffcfbf

  • SSDEEP

    6144:g/v3nlCZp4WBAo8+zcJHZNIp4id9q/7ygt2k/BFi+Vrh+Z6QFn5EzMJ1:E/lppJHwp5e/viEg6z81

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

31.222.238.58:4280

192.168.1.28:4280

Targets

    • Target

      socks

    • Size

      420KB

    • MD5

      e85fa08c1ed20440363e2e44eced6299

    • SHA1

      e0867a371a5c6bfdf6bd84470b188f0817b4d23a

    • SHA256

      c1f5b88413bef3bc89aacd544847d5690fe17247b10d5922e59e4cbc6c37707e

    • SHA512

      73bc5a867c7b86f32257f43167c1816b9087a0fc6d70f1500194821abbdfcaddb4f79325e0b24837fabb9594284ff9bb7b180de5fc0264287a6345b146ffcfbf

    • SSDEEP

      6144:g/v3nlCZp4WBAo8+zcJHZNIp4id9q/7ygt2k/BFi+Vrh+Z6QFn5EzMJ1:E/lppJHwp5e/viEg6z81

    Score
    10/10
    systembctrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks