General
Target: 8e6dd1a50d58aef4a86f76c340f6a36faee0ec4f97886978d43a870be5b508f0
Size: 233KB
Sample: 220319-3pt78accdr
MD5: cc16e6e7af14fcf5f4a001b85930dc8f
SHA1: 580b5baff09663396fb27d52e43a58ef25ed43dd
SHA256: 8e6dd1a50d58aef4a86f76c340f6a36faee0ec4f97886978d43a870be5b508f0
SHA512: c451ec2e3056086842b52e8105a04a67a50609d1e8a7c296e7171432ccc5572c62e69b1edb8d6e600ddb451240847ba4d8621452ea99e98036978cc3712274d9
Static task: static1
Behavioral task: behavioral1
Sample: 8e6dd1a50d58aef4a86f76c340f6a36faee0ec4f97886978d43a870be5b508f0.exe
Resource: win7-20220311-en
Malware Config
Extracted
systembc
dec15coma.com:4039
dec15coma.xyz:4039
Targets
Executes dropped EXE

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.