General
Target: af35b29f584f06fefbdb9f25bf0dd3679661e449bd3a9e7f282906b27ea517dd
Size: 253KB
Sample: 220419-qm487aaaen
MD5: 9cd154556bc65d6fe2007074790248f7
SHA1: 7340996d675919b7212134457b425923eb42563e
SHA256: af35b29f584f06fefbdb9f25bf0dd3679661e449bd3a9e7f282906b27ea517dd
SHA512: e2d55fcd373b5768023638a1e0ad3229710a75034c7acfd0896279ad716a72c1d51bd01710c4baba6be7b6919eb93c251de7632e7d258e95648a878099dd2c3a
Static task: static1
Behavioral task: behavioral1
Sample: af35b29f584f06fefbdb9f25bf0dd3679661e449bd3a9e7f282906b27ea517dd.exe
Resource: win7-20220414-en
Malware Config
Extracted: systembc
  sdadvert197.com:4044
  mexstat128.com:4044
Targets
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
Executes dropped EXE
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Uses Tor communications: malware can proxy its traffic through Tor for more anonymity.