General
Target: 75bd3900ae29fc2d68c2fcf2f74f1444730f1d25a1c26a2a81c8657c816bc486
Size: 156KB
Sample: 220330-kjh9naehem
MD5: 3ca6807211a0720f8f4eb6650014cf84
SHA1: 5ea53d154530731e34a12a2dcf1291f3cd787a67
SHA256: 75bd3900ae29fc2d68c2fcf2f74f1444730f1d25a1c26a2a81c8657c816bc486
SHA512: 9a353d9c5ce677d309147c860f55957982a1df9de47d8d464f591e37a96241c9c036beffb46911f21d7b61bb419c568600dbe378533ce5294b3cdc61e2d47155
Static task: static1
Behavioral task: behavioral1
Sample: 75bd3900ae29fc2d68c2fcf2f74f1444730f1d25a1c26a2a81c8657c816bc486.exe
Resource: win7-20220310-en
Malware Config
Extracted: systembc
advertrex20.xyz:4044
gentexman37.xyz:4044
Targets
Target: 75bd3900ae29fc2d68c2fcf2f74f1444730f1d25a1c26a2a81c8657c816bc486
Size: 156KB
MD5: 3ca6807211a0720f8f4eb6650014cf84
SHA1: 5ea53d154530731e34a12a2dcf1291f3cd787a67
SHA256: 75bd3900ae29fc2d68c2fcf2f74f1444730f1d25a1c26a2a81c8657c816bc486
SHA512: 9a353d9c5ce677d309147c860f55957982a1df9de47d8d464f591e37a96241c9c036beffb46911f21d7b61bb419c568600dbe378533ce5294b3cdc61e2d47155
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.