General
Target: b7a122f6adabcddb7744f3a31e593f5f4ad80e0d433eee8b6d61c13e86731152
Size: 98KB
Sample: 220328-wg9vdahbel
MD5: b0a7c828e9567926e1e6f7d846472d4e
SHA1: 350ef211ce98cebdd6ac0a2260a53c16197d65fb
SHA256: b7a122f6adabcddb7744f3a31e593f5f4ad80e0d433eee8b6d61c13e86731152
SHA512: 326bc5717f4fe6767a0708b31ca68eb8dd87309ead3693707b803581f8d743705195f5ffd7b006d5b6ad5f84d60bac48f889c1d85578e0dd9947e6ab28a7bf77
Static task: static1
Behavioral task: behavioral1
Sample: b7a122f6adabcddb7744f3a31e593f5f4ad80e0d433eee8b6d61c13e86731152.exe
Resource: win7-20220311-en
Malware Config
Extracted family: systembc
C2: advertrex20.xyz:4044
C2: gentexman37.xyz:4044
Targets
Target: b7a122f6adabcddb7744f3a31e593f5f4ad80e0d433eee8b6d61c13e86731152
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
Executes dropped EXE
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Uses Tor communications: Malware can proxy its traffic through Tor for more anonymity.