General
-
Target
6bc401f2d24746bb192fb23fcaf705b94b7f6742b9d651266345bbab434e351c
-
Size
89KB
-
Sample
220427-whythaffe5
-
MD5
754f68fbcd88c48a9c689632b66967c4
-
SHA1
fc20fe331d1699145df56ec11a95cb6d7f72279f
-
SHA256
6bc401f2d24746bb192fb23fcaf705b94b7f6742b9d651266345bbab434e351c
-
SHA512
0b7e83826ec8a7599fd876590e8c096f71a034d56e34d138c4d29ac3bf8c512aecacebdd64a47ce5bf449a27802cf915a5a6a8ae251eb66a7262df1065a0f839
Static task
static1
Behavioral task
behavioral1
Sample
6bc401f2d24746bb192fb23fcaf705b94b7f6742b9d651266345bbab434e351c.exe
Resource
win7-20220414-en
Malware Config
Extracted
systembc
advertrex20.xyz:4044
gentexman37.xyz:4044
Targets
-
-
Target
6bc401f2d24746bb192fb23fcaf705b94b7f6742b9d651266345bbab434e351c
-
Size
89KB
-
MD5
754f68fbcd88c48a9c689632b66967c4
-
SHA1
fc20fe331d1699145df56ec11a95cb6d7f72279f
-
SHA256
6bc401f2d24746bb192fb23fcaf705b94b7f6742b9d651266345bbab434e351c
-
SHA512
0b7e83826ec8a7599fd876590e8c096f71a034d56e34d138c4d29ac3bf8c512aecacebdd64a47ce5bf449a27802cf915a5a6a8ae251eb66a7262df1065a0f839
-
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-