General
- Target: da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24
- Size: 87KB
- Sample: 220414-hncassadck
- MD5: dbfa6717c7f896d0d19696866e0dba24
- SHA1: 78426c577a9d521f96010efaa8d1038773e5f853
- SHA256: da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24
- SHA512: 5f4601e79e2b2348dfcd56eac79c85160545d3c279bc1027c14aa533a38f0ecd457575144eb4485fbd5d580c7a2865e9bd6aa12f2df123ab8dff888ca586a249
Static task: static1
Behavioral task: behavioral1
- Sample: da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24.exe
- Resource: win7-20220331-en
Malware Config
Extracted: systembc
- advertrex20.xyz:4044
- gentexman37.xyz:4044
Targets
- Target: da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24
- Size: 87KB
- MD5: dbfa6717c7f896d0d19696866e0dba24
- SHA1: 78426c577a9d521f96010efaa8d1038773e5f853
- SHA256: da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24
- SHA512: 5f4601e79e2b2348dfcd56eac79c85160545d3c279bc1027c14aa533a38f0ecd457575144eb4485fbd5d580c7a2865e9bd6aa12f2df123ab8dff888ca586a249
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
- Executes dropped EXE
- Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications: Malware can proxy its traffic through Tor for more anonymity.