General
Target: eeb70157878895f60fe11a8cb0f37907549cd44857592d7ee0a769a9eef9dced
Size: 234KB
Sample: 220320-a5d7qaddb9
MD5: 226ee1dec8ea871161b64020b2ee8663
SHA1: 0866413ef90e37186ff269d1270e57c2b50f6b2f
SHA256: eeb70157878895f60fe11a8cb0f37907549cd44857592d7ee0a769a9eef9dced
SHA512: c5d8eff81783afae5f6de0e8aeb0586ca7af086ee99c6fcff87867730cb36f6a4c067bc82a2c32e6a10fff1d24c93a57931270d2df4c33d317965499cb7f651d
Static task: static1
Behavioral task: behavioral1
Sample: eeb70157878895f60fe11a8cb0f37907549cd44857592d7ee0a769a9eef9dced.exe
Resource: win7-20220310-en
Malware Config
Extracted
systembc
dec15coma.com:4039
dec15coma.xyz:4039
Targets
Executes dropped EXE

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.