General
Target: 271fe3448d93bd8763141e498c63551bfbd4633c83f51af3a20d7d97120a05f2
Size: 308KB
Sample: 220328-yqt7dsaedp
MD5: ffcf9dc241ae44958360fce0600d1f79
SHA1: f469de123bbb6fc61d72a95b85260fc3b2f33ac4
SHA256: 271fe3448d93bd8763141e498c63551bfbd4633c83f51af3a20d7d97120a05f2
SHA512: f923c49c078c15063ae6a96730286bbeeab0dd74f6f3b90edf6b57665cb288e6e1e013134593ace34756eef6ea650ed051295ea5de070fdf8465aeb4373e40df
Static task: static1
Behavioral task: behavioral1
Sample: 271fe3448d93bd8763141e498c63551bfbd4633c83f51af3a20d7d97120a05f2.exe
Resource: win7-20220311-en
Malware Config
Extracted: systembc
C2: advertrex20.xyz:4044
C2: gentexman37.xyz:4044
Targets
Target: 271fe3448d93bd8763141e498c63551bfbd4633c83f51af3a20d7d97120a05f2 (308KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query (recorded twice; the alert fires on DNS queries for the C2 domains in the extracted config)
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
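The Suricata hit above is a DNS-query match on the C2 domains from the extracted config. The script below is an added example, not part of the sandbox report and not code from the sample: it takes those two host:port indicators and runs them over constructed Zeek-style dns.log and conn.log lines (tab-separated, trimmed to the fields used; the resolved addresses are RFC 5737 documentation ranges, not real resolutions), flagging the DNS queries the way the signature would and then correlating a later connection to a resolved address on the configured port 4044. The log layout and the field subset are assumptions for the example; port 4044 on its own is deliberately not treated as an indicator.

```python
"""Added example: match the SystemBC C2 indicators extracted in this report
against Zeek-style dns.log / conn.log records (constructed sample data)."""
from typing import Dict, List, Optional, Set, Tuple

# Indicators copied from the report's extracted config (real values).
C2_ENDPOINTS: Set[Tuple[str, int]] = {
    ("advertrex20.xyz", 4044),
    ("gentexman37.xyz", 4044),
}
C2_PORT_BY_HOST: Dict[str, int] = {host: port for host, port in C2_ENDPOINTS}

# Constructed sample logs (assumed Zeek-like, tab-separated, fields trimmed):
# dns.log  -> ts, id.orig_h, query, answers (comma-separated)
# conn.log -> ts, id.orig_h, id.resp_h, id.resp_p
DNS_LOG = "\n".join([
    "1648000001.1\t10.0.0.5\tadvertrex20.xyz\t192.0.2.10",
    "1648000002.2\t10.0.0.5\twww.example.com\t198.51.100.5",
    "1648000003.3\t10.0.0.7\tgentexman37.xyz\t198.51.100.20,198.51.100.21",
    "1648000004.4\t10.0.0.9\tadvertrex20.xyz.evil.test\t192.0.2.99",  # not a C2 name
])
CONN_LOG = "\n".join([
    "1648000000.9\t10.0.0.7\t198.51.100.20\t4044",  # before the resolution: not linked
    "1648000005.5\t10.0.0.5\t192.0.2.10\t4044",
    "1648000006.6\t10.0.0.5\t198.51.100.5\t443",
    "1648000007.7\t10.0.0.7\t198.51.100.21\t4044",
    "1648000008.8\t10.0.0.8\t203.0.113.5\t4044",    # port alone is not an indicator
])


def c2_domain_for(query: str) -> Optional[str]:
    """Return the matching C2 host if query is that host or a subdomain of it.
    Label-aware, so 'advertrex20.xyz.evil.test' does not match."""
    q = query.rstrip(".").lower()
    for host in C2_PORT_BY_HOST:
        if q == host or q.endswith("." + host):
            return host
    return None


def parse_dns(text: str) -> List[dict]:
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, query, answers = line.split("\t")
        records.append({"ts": float(ts), "src": src, "query": query,
                        "answers": [a for a in answers.split(",") if a and a != "-"]})
    return records


def parse_conn(text: str) -> List[dict]:
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split("\t")
        records.append({"ts": float(ts), "src": src, "dst": dst, "dport": int(dport)})
    return records


def find_dns_hits(dns_records: List[dict]) -> List[dict]:
    """Same condition as the 'SystemBC CnC Domain in DNS Query' alert."""
    hits = []
    for r in dns_records:
        host = c2_domain_for(r["query"])
        if host:
            hits.append({"ts": r["ts"], "src": r["src"], "query": r["query"], "c2": host})
    return hits


def find_c2_connections(dns_records: List[dict], conn_records: List[dict]) -> List[dict]:
    """Flag connections to an address a C2 domain resolved to, on the configured
    port, made at or after that resolution. Requires the DNS link: a bare
    connection to port 4044 is not reported."""
    resolved: Dict[str, Tuple[str, float]] = {}  # ip -> (c2 host, resolution ts)
    for r in dns_records:
        host = c2_domain_for(r["query"])
        if host:
            for ip in r["answers"]:
                if ip not in resolved or r["ts"] < resolved[ip][1]:
                    resolved[ip] = (host, r["ts"])
    hits = []
    for c in conn_records:
        link = resolved.get(c["dst"])
        if link and c["dport"] == C2_PORT_BY_HOST[link[0]] and c["ts"] >= link[1]:
            hits.append({"ts": c["ts"], "src": c["src"], "dst": c["dst"],
                         "dport": c["dport"], "c2": link[0]})
    return hits


if __name__ == "__main__":
    dns = parse_dns(DNS_LOG)
    conn = parse_conn(CONN_LOG)
    for h in find_dns_hits(dns):
        print(f"DNS  {h['src']} queried {h['query']} (C2: {h['c2']})")
    for h in find_c2_connections(dns, conn):
        print(f"CONN {h['src']} -> {h['dst']}:{h['dport']} (C2: {h['c2']})")
```

Run it as-is to see the two DNS hits and the two correlated connections; to use it on real data, swap the constructed strings for the matching Zeek fields and extend `C2_ENDPOINTS` with any further extracted configs. The suffix match is done per label on purpose: a plain substring test would also flag look-alike names such as the `advertrex20.xyz.evil.test` line.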