General
- Target: 825cd09f1e55ed54d6c147ee95d575e6089394f6c56ba87fd5a3ae5439c841c1
- Size: 109KB
- Sample: 220328-wh2kdschc7
- MD5: fe5027423ed1c90793454939d6133215
- SHA1: 3b6595f5c588f567de48862f0125ba05170c7340
- SHA256: 825cd09f1e55ed54d6c147ee95d575e6089394f6c56ba87fd5a3ae5439c841c1
- SHA512: f6447b4a0d09a49a568b4c77eb1c9b183d8e9d2c30b8d2fa74a4113cffdb02343b0470c97e46f572f7d2c470b6c276de49ca4041d45fec9107d15852e40dd3b4
- Static task: static1
- Behavioral task: behavioral1
- Sample: 825cd09f1e55ed54d6c147ee95d575e6089394f6c56ba87fd5a3ae5439c841c1.exe
- Resource: win7-20220311-en
Malware Config
- Extracted: systembc
- advertrex20.xyz:4044
- gentexman37.xyz:4044
Targets
- Target: 825cd09f1e55ed54d6c147ee95d575e6089394f6c56ba87fd5a3ae5439c841c1
- Size: 109KB
- MD5: fe5027423ed1c90793454939d6133215
- SHA1: 3b6595f5c588f567de48862f0125ba05170c7340
- SHA256: 825cd09f1e55ed54d6c147ee95d575e6089394f6c56ba87fd5a3ae5439c841c1
- SHA512: f6447b4a0d09a49a568b4c77eb1c9b183d8e9d2c30b8d2fa74a4113cffdb02343b0470c97e46f572f7d2c470b6c276de49ca4041d45fec9107d15852e40dd3b4
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications: malware can proxy its traffic through Tor for more anonymity.