Overview

overview

10

Static

static

3

scks.exe

windows7-x64

10

scks.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    scks.exe

  • Size

    934KB

  • Sample

    230506-n6b1msha74

  • MD5

    3d339c1499363d7571073f9347c9fdb6

  • SHA1

    88437e51dd3872af3658b57e7f489758e8cbf31d

  • SHA256

    6f78256f20eb2b5594391095a341f8749395e7566fdd2ddd3a34a0db9bb9f871

  • SHA512

    110ebaa176a7c8613f2f7d36d75805c9e3ecc747e4b3aadf6a3306e6f4f5ad46c187e4bc70ee50d9cca42a7f0ee03e660b921cb21ae71d1858e83faa231a1421

  • SSDEEP

    24576:aB7AHpszdFvDDXCnYydIrQldFu8hod/QodlyzJ8:axFzvSYyd5FadRdd

Score
10/10
systembcpersistencetrojan

Malware Config

Extracted

Family

systembc

C2

15.204.166.162:5757

194.87.111.29:5757

Targets

    • Target

      scks.exe

    • Size

      934KB

    • MD5

      3d339c1499363d7571073f9347c9fdb6

    • SHA1

      88437e51dd3872af3658b57e7f489758e8cbf31d

    • SHA256

      6f78256f20eb2b5594391095a341f8749395e7566fdd2ddd3a34a0db9bb9f871

    • SHA512

      110ebaa176a7c8613f2f7d36d75805c9e3ecc747e4b3aadf6a3306e6f4f5ad46c187e4bc70ee50d9cca42a7f0ee03e660b921cb21ae71d1858e83faa231a1421

    • SSDEEP

      24576:aB7AHpszdFvDDXCnYydIrQldFu8hod/QodlyzJ8:axFzvSYyd5FadRdd

    Score
    10/10
    systembcpersistencetrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks