General
- Target: 8e19fd66ec247a6ef30b5596bcf5ab7d615a12f0a79739117c1c88112c43968a
- Size: 203KB
- Sample: 220419-qn1bmaabfk
- MD5: 40bd21b534a875137016dd1c93407366
- SHA1: 941dcff9464e407c060051475758f84e80998417
- SHA256: 8e19fd66ec247a6ef30b5596bcf5ab7d615a12f0a79739117c1c88112c43968a
- SHA512: e5466a0c3b4e1c74192ee2db85bf3809904687934b6e2ffb2a1469b8f6510d03d80c948b364a67ed43fd4f753b29355dcb3252ecc073bca21e2880b4254ab31e
Static task: static1
Behavioral task: behavioral1
- Sample: 8e19fd66ec247a6ef30b5596bcf5ab7d615a12f0a79739117c1c88112c43968a.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: systembc
- C2: sdadvert197.com:4044
- C2: mexstat128.com:4044
Targets
- Target: 8e19fd66ec247a6ef30b5596bcf5ab7d615a12f0a79739117c1c88112c43968a
- Size: 203KB
- MD5: 40bd21b534a875137016dd1c93407366
- SHA1: 941dcff9464e407c060051475758f84e80998417
- SHA256: 8e19fd66ec247a6ef30b5596bcf5ab7d615a12f0a79739117c1c88112c43968a
- SHA512: e5466a0c3b4e1c74192ee2db85bf3809904687934b6e2ffb2a1469b8f6510d03d80c948b364a67ed43fd4f753b29355dcb3252ecc073bca21e2880b4254ab31e
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications: the sample can proxy its traffic through Tor for additional anonymity.
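The two C2 endpoints in the extracted config and the Suricata "SystemBC CnC Domain in DNS Query" hits above are the actionable part of this report. The script below is an added example, not part of the sandbox output: it takes the C2 domains and port from the config, scans constructed DNS-query and connection log lines (the log formats, hosts, timestamps and IP addresses are invented for the example), and correlates the two so that a host is only flagged when it both resolved a C2 domain and afterwards connected out on the configured port 4044. Matching is done on label boundaries, so a lookalike such as `notmexstat128.com` does not trigger.

```python
import re

# C2 endpoints taken from the report's "Malware Config" section (SystemBC).
SYSTEMBC_C2 = {
    "sdadvert197.com": 4044,
    "mexstat128.com": 4044,
}

# Constructed sample logs (not from the report). DNS lines are
# "<ts> <client> query <qname>"; connection lines are "<ts> <src> -> <dst>:<port>".
SAMPLE_DNS_LOG = """\
2022-04-19T10:01:02Z 10.0.0.15 query sdadvert197.com
2022-04-19T10:01:03Z 10.0.0.15 query www.example.com
2022-04-19T10:01:04Z 10.0.0.22 query mexstat128.com
2022-04-19T10:01:05Z 10.0.0.22 query MEXSTAT128.COM.
2022-04-19T10:01:06Z 10.0.0.31 query notmexstat128.com
"""

SAMPLE_CONN_LOG = """\
2022-04-19T10:01:07Z 10.0.0.15 -> 203.0.113.10:4044
2022-04-19T10:01:08Z 10.0.0.15 -> 203.0.113.10:443
2022-04-19T10:01:09Z 10.0.0.22 -> 198.51.100.7:4044
2022-04-19T10:01:10Z 10.0.0.31 -> 198.51.100.9:4044
"""

DNS_RE = re.compile(r"^(\S+) (\S+) query (\S+)$")
CONN_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+)$")


def normalize_qname(name):
    """Lower-case and strip the trailing dot so 'MEXSTAT128.COM.' still matches."""
    return name.lower().rstrip(".")


def is_c2_domain(qname):
    """True for a configured C2 domain or any subdomain of it. The match requires
    either equality or a '.'-separated label boundary, so a bare suffix such as
    'notmexstat128.com' is rejected."""
    q = normalize_qname(qname)
    return any(q == d or q.endswith("." + d) for d in SYSTEMBC_C2)


def match_dns(log_text):
    """Return (timestamp, client, qname) for every query to a SystemBC C2 domain."""
    hits = []
    for line in log_text.splitlines():
        m = DNS_RE.match(line)
        if m and is_c2_domain(m.group(3)):
            hits.append((m.group(1), m.group(2), normalize_qname(m.group(3))))
    return hits


def match_conn(log_text):
    """Return (timestamp, src, dst, port) for outbound TCP to a configured C2 port.
    Port alone is a weak indicator; it is meant to be correlated with DNS hits."""
    ports = set(SYSTEMBC_C2.values())
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line)
        if m and int(m.group(4)) in ports:
            hits.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return hits


def correlate(dns_text, conn_text):
    """Hosts that queried a C2 domain and afterwards connected out on the C2 port.
    Timestamps are ISO-8601 UTC strings, so plain string comparison orders them."""
    first_query = {}
    for ts, client, _ in match_dns(dns_text):
        first_query.setdefault(client, ts)
    suspects = set()
    for ts, src, _, _ in match_conn(conn_text):
        if src in first_query and ts >= first_query[src]:
            suspects.add(src)
    return suspects


if __name__ == "__main__":
    for hit in match_dns(SAMPLE_DNS_LOG):
        print("DNS  ", *hit)
    for hit in match_conn(SAMPLE_CONN_LOG):
        print("CONN ", *hit)
    print("likely SystemBC victims:", sorted(correlate(SAMPLE_DNS_LOG, SAMPLE_CONN_LOG)))
```

On the constructed input, 10.0.0.31 connects on port 4044 but never resolved a C2 domain, so it is not reported; 10.0.0.15 and 10.0.0.22 are. In a real deployment the same logic would run over Zeek dns.log/conn.log or resolver logs, and the hard-coded port should be treated as a hint rather than a rule since SystemBC operators can change it per build.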