General
- Target: f59636192874b9735dc7a4cb55eb0aa64e5499df1e7154a807b3cc0a46e35572
- Size: 152KB
- Sample: 220330-btnsfsabdm
- MD5: fdc04e9186fa3085fac12d029542ae33
- SHA1: 168d4d4614d89fa69bb9af26d7373ceae5ea09b3
- SHA256: f59636192874b9735dc7a4cb55eb0aa64e5499df1e7154a807b3cc0a46e35572
- SHA512: e3f3baa0331d371f22891288542ca04057f06cb0e288c2cb34e7e9ed008116e8f8361ea10dca6a1fd38bbc5093cf1981e51f79b2a128cd569cbf9bc742ad82c0

Static task
- static1

Behavioral task
- behavioral1
- Sample: f59636192874b9735dc7a4cb55eb0aa64e5499df1e7154a807b3cc0a46e35572.exe
- Resource: win7-20220311-en

Malware Config
- Extracted: systembc
- advertrex20.xyz:4044
- gentexman37.xyz:4044

Targets
- Target: f59636192874b9735dc7a4cb55eb0aa64e5499df1e7154a807b3cc0a46e35572
- Size: 152KB
- MD5: fdc04e9186fa3085fac12d029542ae33
- SHA1: 168d4d4614d89fa69bb9af26d7373ceae5ea09b3
- SHA256: f59636192874b9735dc7a4cb55eb0aa64e5499df1e7154a807b3cc0a46e35572
- SHA512: e3f3baa0331d371f22891288542ca04057f06cb0e288c2cb34e7e9ed008116e8f8361ea10dca6a1fd38bbc5093cf1981e51f79b2a128cd569cbf9bc742ad82c0
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.