General
-
Target
2acd7bc3c78edc1630e17dd81edbccb0434e83d7100f08fcd4b4b6e0df9cb6ec
-
Size
357KB
-
Sample
220418-maf42seea7
-
MD5
6adff82e37aadb238d58699f857e5f8b
-
SHA1
f779cdc5c8d6a8595a0850cb8fb7097e4f74f66d
-
SHA256
2acd7bc3c78edc1630e17dd81edbccb0434e83d7100f08fcd4b4b6e0df9cb6ec
-
SHA512
e9edae21aa6708690ed8a7df2555e48121677d43f3994f2407ca4ead9ac775a02cb73e367830c9cd8f49587e43a7c5a546cc400c5a46ce00e9fef81f3fb4eb96
Static task
static1
Behavioral task
behavioral1
Sample
2acd7bc3c78edc1630e17dd81edbccb0434e83d7100f08fcd4b4b6e0df9cb6ec.exe
Resource
win7-20220414-en
Malware Config
Extracted
systembc
sdadvert197.com:4044
mexstat128.com:4044
Targets
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-