General
Target: 4998be5d75d44d405ec6144f6fbc13083d58dfb38b1d309004ac2c6aa82d13b3
Size: 86KB
Sample: 220328-v86flacfh9
MD5: 15fc2174c2ae34b7fe7cd171779fecf2
SHA1: 91a705af5d47a7e96b04f79c065a2d19fbc7916a
SHA256: 4998be5d75d44d405ec6144f6fbc13083d58dfb38b1d309004ac2c6aa82d13b3
SHA512: b2cc0196feb948c1084f6de526b39ace1b3ff85c0824947bc4f2420a1583967194be5190a7752a872628e089acdd9730dd88188ee08123c0460307a86bfa6ba5
Static task: static1
Behavioral task: behavioral1
Sample: 4998be5d75d44d405ec6144f6fbc13083d58dfb38b1d309004ac2c6aa82d13b3.exe
Resource: win7-20220310-en
Malware Config
Extracted
systembc
advertrex20.xyz:4044
gentexman37.xyz:4044
Targets
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-