General
Target: 35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1
Size: 265KB
Sample: 220427-tehxrsfhcr
MD5: b15da1de33a731f12b3574c1e6845a1c
SHA1: 08c12f9d8032dcb1f465cb1b57b8c2bc267f2ba6
SHA256: 35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1
SHA512: 3df7cfa9fabd23119d8dbc1f99aafca7388aaae14fcdb9283fed7f7c29930ef9e2129160b94887371c1bdd78083fa3d57171b2405bd686a255b22fb5950f618f
Static task: static1
Behavioral task: behavioral1
Sample: 35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1.exe
Resource: win7-20220414-en (the analysis VM image the behavioral task ran on: Windows 7, English locale)
Malware Config (extracted from the sample)
Family: systembc
C2: advertrex20.xyz:4044
C2: gentexman37.xyz:4044
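As an added example (not part of this report, and not code from the sandbox or from the malware family), the Python below turns the IOCs the report exposes, the two C2 hosts on port 4044 from the extracted config and the sample hashes from the General section, into a check over DNS-query and connection logs. The log line formats, client names, IP addresses and timestamps in it are constructed for illustration; real sources (Sysmon Event ID 22, Zeek dns.log and conn.log, DNS server logs) need their own parsers, which is left as an assumption here. It deliberately scores a connection to TCP/4044 only when the same client already resolved a C2 host, because the port alone is a weak indicator.

```python
"""Match the SystemBC IOCs from the report against DNS-query and connection logs.

Added example. The IOC values come from the report; the log formats and the
sample log lines below are constructed and are not a real product format.
"""
from __future__ import annotations

import json
import re
from typing import Iterable

# IOCs copied from the report: extracted C2 hosts/port and the sample's hashes.
C2_HOSTS = frozenset({"advertrex20.xyz", "gentexman37.xyz"})
C2_PORT = 4044
SAMPLE_HASHES = frozenset({
    "b15da1de33a731f12b3574c1e6845a1c",                                  # MD5
    "08c12f9d8032dcb1f465cb1b57b8c2bc267f2ba6",                          # SHA1
    "35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1",  # SHA256
})

# Constructed DNS log, one query per line: "<timestamp> <client> <queried name>".
DNS_LOG = """\
2022-04-27T14:02:11Z ws-017 time.windows.com
2022-04-27T14:02:13Z ws-017 advertrex20.xyz
2022-04-27T14:02:13Z ws-017 gentexman37.xyz
2022-04-27T14:02:20Z ws-021 updates.example.net
"""

# Constructed connection log: "<timestamp> <client> <dst_ip>:<dst_port> <proto>".
CONN_LOG = """\
2022-04-27T14:02:14Z ws-017 203.0.113.10:4044 tcp
2022-04-27T14:02:14Z ws-017 203.0.113.10:443 tcp
2022-04-27T14:02:30Z ws-021 198.51.100.5:4044 udp
"""

DNS_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")
CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<dst>[^:\s]+):(?P<port>\d+)\s+(?P<proto>\S+)$"
)


def is_c2_host(name: str) -> bool:
    """True if `name` is one of the C2 hosts or a subdomain of one (case/trailing-dot insensitive)."""
    name = name.rstrip(".").lower()
    return any(name == host or name.endswith("." + host) for host in C2_HOSTS)


def dns_hits(lines: Iterable[str]) -> list[dict]:
    """Return the parsed DNS log entries whose queried name is a C2 host."""
    hits = []
    for line in lines:
        m = DNS_RE.match(line.strip())
        if m and is_c2_host(m["qname"]):
            hits.append(m.groupdict())
    return hits


def conn_hits(lines: Iterable[str], suspect_clients: set[str]) -> list[dict]:
    """Return TCP connections to the C2 port made by clients that already queried a C2 host."""
    hits = []
    for line in lines:
        m = CONN_RE.match(line.strip())
        if not m:
            continue
        if (m["proto"].lower() == "tcp" and int(m["port"]) == C2_PORT
                and m["client"] in suspect_clients):
            hits.append(m.groupdict())
    return hits


def hash_hits(observed: Iterable[str]) -> set[str]:
    """Return the subset of observed file hashes that match the sample (any of MD5/SHA1/SHA256)."""
    return {h.strip().lower() for h in observed} & SAMPLE_HASHES


def triage(dns_log: str = DNS_LOG, conn_log: str = CONN_LOG,
           observed_hashes: Iterable[str] = ()) -> dict:
    """Run all three checks and collect the results plus the set of clients implicated by DNS."""
    dns = dns_hits(dns_log.splitlines())
    suspects = {hit["client"] for hit in dns}
    return {
        "dns": dns,
        "conn": conn_hits(conn_log.splitlines(), suspects),
        "hash": hash_hits(observed_hashes),
        "clients": suspects,
    }


if __name__ == "__main__":
    # Uppercase MD5 of the sample, as a scanner might report it; normalised before matching.
    result = triage(observed_hashes=["B15DA1DE33A731F12B3574C1E6845A1C"])
    print(json.dumps(result, indent=2, default=sorted))
```

Run it as-is to see the constructed hits; to use it on real data, replace the two regexes with a parser for your log source and feed `triage()` the raw text. The subdomain match in `is_c2_host` is intentional: a query for anything under one of the C2 apexes is still worth a look, while a name that merely ends in the same string (for example `notadvertrex20.xyz`) is not matched.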
Targets
Target: 35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1 (265KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures for this target:
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query (fired twice; the extracted config lists two C2 domains)
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications: the malware can proxy its traffic through Tor for more anonymity.