General
- Target: 3d2a6335cf267e52f65d919aeea421c75f47878f4139a80842080485b72d2ac7
- Size: 267KB
- Sample: 220427-tegdyafhcp
- MD5: e213b1c3dc9cb0f7771d299d2cf7a346
- SHA1: 85229bc75fb370973c78afef7409554bc891dcf1
- SHA256: 3d2a6335cf267e52f65d919aeea421c75f47878f4139a80842080485b72d2ac7
- SHA512: 9bd45559c7da861711a8f706a8c2b5dc83916ff44f988ea86eb8794daf128b5ad426b954ff58356cfc521c165fb129bdbeafe286d4184250ca66b621125514e4
Static task: static1
Behavioral task: behavioral1
- Sample: 3d2a6335cf267e52f65d919aeea421c75f47878f4139a80842080485b72d2ac7.exe
- Resource: win7-20220414-en
Malware Config
- Extracted: systembc
- advertrex20.xyz:4044
- gentexman37.xyz:4044
Targets
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.