socksonly.7z
May 2026

Technical Summary

File Type: 7-Zip Compressed Archive (.7z) [1].

The file is a compressed archive frequently associated with malware distribution, specifically with the deployment of SystemBC, a remote access trojan (RAT) and SOCKS5 proxy [1, 2]. It is commonly used by cybercriminals to establish encrypted tunnels and hide malicious traffic inside a compromised network [2, 3]. The archive itself is only the carrier; the behaviour described below belongs to the SystemBC payload it delivers.

Typical Behavior

Acts as a SOCKS5 proxy, allowing attackers to pivot through infected machines to reach other parts of the network or bypass firewalls [3, 4]. An internal workstation that answers SOCKS5 connection requests from other hosts is therefore the network-level signal to look for.

Communicates with hardcoded IP addresses or domains using a custom binary protocol to receive instructions from the attacker [3, 6].

Historically linked to ransomware affiliates (such as those deploying Ryuk or Conti) who use it for lateral movement and command-and-control (C2) communication [4, 6].

Security Recommendations

Immediately isolate any workstation where this file is discovered from the rest of the network [2].

If possible, submit the file to a secure sandbox or a platform such as VirusTotal to confirm the specific variant and extract indicators of compromise (IOCs) [1]. Record the file's SHA-256 hash before submission, extract the archive only inside an isolated analysis environment, and keep in mind that samples uploaded to public multi-scanner services are shared with other parties.

Conduct a full forensic sweep to identify the initial entry point, as the presence of this file usually indicates an active, ongoing intrusion [4, 6].
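The SOCKS5 pivoting behaviour described under Typical Behavior can be spotted on the wire because the protocol handshake (RFC 1928) is fixed regardless of which port the proxy listens on. The following Python detector is an added example and not code from the page or from any SystemBC analysis; it parses the client greeting, the server's method choice and the CONNECT/BIND/UDP request from reassembled TCP payloads, and reports any internal host that behaves as a SOCKS5 server. The flows in `SAMPLE_FLOWS`, including the host names and addresses, are constructed for illustration only.

```python
"""SOCKS5 handshake detector over reassembled TCP payloads (RFC 1928).

Added example: reports hosts that answer SOCKS5 greetings, the behaviour the
report attributes to SystemBC. Sample flows below are constructed, not captured.
"""
import ipaddress
import struct

SOCKS_VER = 0x05
NO_ACCEPTABLE = 0xFF            # server reply when no offered auth method is acceptable
CMD_NAMES = {1: "CONNECT", 2: "BIND", 3: "UDP_ASSOCIATE"}


def parse_greeting(data: bytes):
    """Client greeting: VER NMETHODS METHODS. Returns (methods, bytes consumed) or None."""
    if len(data) < 2 or data[0] != SOCKS_VER:
        return None
    n = data[1]
    if n == 0 or len(data) < 2 + n:
        return None
    return list(data[2:2 + n]), 2 + n


def parse_method_choice(data: bytes):
    """Server method selection: VER METHOD. Returns (method, bytes consumed) or None."""
    if len(data) < 2 or data[0] != SOCKS_VER:
        return None
    return data[1], 2


def parse_request(data: bytes):
    """Client request: VER CMD RSV ATYP DST.ADDR DST.PORT. Returns dict or None."""
    if len(data) < 4 or data[0] != SOCKS_VER or data[2] != 0x00:
        return None
    cmd, atyp, pos = data[1], data[3], 4
    if cmd not in CMD_NAMES:
        return None
    if atyp == 0x01:                                   # IPv4, 4 bytes
        if len(data) < pos + 4:
            return None
        host, pos = str(ipaddress.IPv4Address(data[pos:pos + 4])), pos + 4
    elif atyp == 0x03:                                 # domain name, length-prefixed
        if len(data) < pos + 1 or data[pos] == 0 or len(data) < pos + 1 + data[pos]:
            return None
        ln = data[pos]
        host, pos = data[pos + 1:pos + 1 + ln].decode("ascii", "replace"), pos + 1 + ln
    elif atyp == 0x04:                                 # IPv6, 16 bytes
        if len(data) < pos + 16:
            return None
        host, pos = str(ipaddress.IPv6Address(data[pos:pos + 16])), pos + 16
    else:
        return None
    if len(data) < pos + 2:
        return None
    (port,) = struct.unpack("!H", data[pos:pos + 2])   # DST.PORT, network byte order
    return {"cmd": CMD_NAMES[cmd], "host": host, "port": port}


def classify_flow(c2s: bytes, s2c: bytes):
    """Classify one bidirectional TCP flow (client->server and server->client payload).

    Returns None for non-SOCKS traffic, otherwise a dict whose 'state' is
    'rejected' (server answered 0xFF), 'handshake' (method agreed, no request seen)
    or 'session' (a full CONNECT/BIND/UDP_ASSOCIATE request was parsed).
    """
    greeting, choice = parse_greeting(c2s), parse_method_choice(s2c)
    if greeting is None or choice is None:
        return None
    methods, consumed = greeting
    method, _ = choice
    if method == NO_ACCEPTABLE:
        return {"state": "rejected", "offered_methods": methods}
    if method not in methods:      # server chose a method never offered: not a real negotiation
        return None
    req = parse_request(c2s[consumed:])
    if req is None:
        return {"state": "handshake", "method": method}
    return {"state": "session", "method": method, **req}


def find_socks5_proxies(flows):
    """Return one finding per flow in which the destination host speaks SOCKS5."""
    findings = []
    for f in flows:
        verdict = classify_flow(f["c2s"], f["s2c"])
        if verdict is not None:
            findings.append({"proxy": f["dst"], "proxy_port": f["dport"],
                             "client": f["src"], **verdict})
    return findings


# Constructed sample flows (hypothetical addresses); the SOCKS5 listener port 4145 is arbitrary.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.23", "dport": 4145,                      # CONNECT to RDP
     "c2s": b"\x05\x01\x00" + b"\x05\x01\x00\x01" + bytes([10, 0, 0, 50]) + struct.pack("!H", 3389),
     "s2c": b"\x05\x00" + b"\x05\x00\x00\x01" + bytes(4) + b"\x00\x00"},
    {"src": "10.0.0.7", "dst": "10.0.0.23", "dport": 4145,                      # CONNECT to SMB by name
     "c2s": b"\x05\x02\x00\x02" + b"\x05\x01\x00\x03" + bytes([15]) + b"dc01.corp.local" + struct.pack("!H", 445),
     "s2c": b"\x05\x00" + b"\x05\x00\x00\x01" + bytes(4) + b"\x00\x00"},
    {"src": "10.0.0.9", "dst": "10.0.0.40", "dport": 80,                        # ordinary HTTP, not SOCKS
     "c2s": b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n", "s2c": b"HTTP/1.1 200 OK\r\n\r\n"},
    {"src": "10.0.0.11", "dst": "10.0.0.23", "dport": 4145,                     # greeting rejected with 0xFF
     "c2s": b"\x05\x01\x02", "s2c": b"\x05\xff"},
]

if __name__ == "__main__":
    for finding in find_socks5_proxies(SAMPLE_FLOWS):
        print(finding)
```

The detector is deliberately port-agnostic: a SOCKS5 listener on a workstation is suspicious whatever port it uses, and a server that answers a greeting at all, even with 0xFF, still proves the proxy service is present. Run it over payloads reassembled from a packet capture or from a network sensor's flow records.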