General
-
Target
67473fb1c8ccc03f6415b2a9d2c20ceaa6ad08c867a15cf69d07ea17cf9c98f7
-
Size
381KB
-
Sample
220418-l9m6zaedf2
-
MD5
8be0b78e7331f8376298b9c1f22dd340
-
SHA1
8af6cfecea6e51d6e92fb7a0b15b095c2cb2475e
-
SHA256
67473fb1c8ccc03f6415b2a9d2c20ceaa6ad08c867a15cf69d07ea17cf9c98f7
-
SHA512
f6cca3801b883d971bc4af10dbccb1f018084a18c8f71dd5bb14610aacffdda18057340dd4e88e49d681f6f91141b562a9fb8162c994f3ef6fc45207f65af9f8
Static task
static1
Behavioral task
behavioral1
Sample
67473fb1c8ccc03f6415b2a9d2c20ceaa6ad08c867a15cf69d07ea17cf9c98f7.exe
Resource
win7-20220414-en
Malware Config
Extracted
systembc
sdadvert197.com:4044
mexstat128.com:4044
Targets
-
-
Target
67473fb1c8ccc03f6415b2a9d2c20ceaa6ad08c867a15cf69d07ea17cf9c98f7
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-