General
Target: cfdcc3ea8f9cd2cf619e755da0d07d1501afaec23bc9f5d2ecc195625172ad86
Size: 122KB
Sample: 220502-bwq1ladeej
MD5: 2085da3926285d53a13b68175bdf2ccb
SHA1: 0853c04cd6646e3a33145d240290298a89eb3828
SHA256: cfdcc3ea8f9cd2cf619e755da0d07d1501afaec23bc9f5d2ecc195625172ad86
SHA512: 7d13b931cfed63123107abc0a0ab5c6f3a616c5b22194bfb64e3b5035e94ee0b3a855f1a113eb4b214e0ebf9d328a54f11a855c0a7a897079e098b8c842ada24
Static task: static1
Behavioral task: behavioral1
Sample: cfdcc3ea8f9cd2cf619e755da0d07d1501afaec23bc9f5d2ecc195625172ad86.exe
Resource: win7-20220414-en
Malware Config
Extracted family: systembc
C2: dasd13d.com:4035
C2: dasd13d.xyz:4035
Targets
Target: cfdcc3ea8f9cd2cf619e755da0d07d1501afaec23bc9f5d2ecc195625172ad86
Size: 122KB
MD5: 2085da3926285d53a13b68175bdf2ccb
SHA1: 0853c04cd6646e3a33145d240290298a89eb3828
SHA256: cfdcc3ea8f9cd2cf619e755da0d07d1501afaec23bc9f5d2ecc195625172ad86
SHA512: 7d13b931cfed63123107abc0a0ab5c6f3a616c5b22194bfb64e3b5035e94ee0b3a855f1a113eb4b214e0ebf9d328a54f11a855c0a7a897079e098b8c842ada24
Signatures
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications: the malware can proxy its traffic through Tor for more anonymity.
- Drops file in System32 directory
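The extracted C2 hosts (dasd13d.com:4035, dasd13d.xyz:4035), the sample hashes and the "Looks up external IP address via web service" signature are what a responder would hunt for in DNS, connection and endpoint telemetry. The following Python script is an added example, not part of the sandbox report or of the sample: it matches constructed log lines against those IOCs, treating subdomains of a C2 host as hits but not mere suffix collisions, and reporting the port actually seen so that off-port contact with a C2 host is still visible. The log formats, the list of IP-lookup service hostnames (the report does not name the service the sample used) and the dropped-file path in the sample log are assumptions made for the example.

```python
"""Hunt for the systembc sample's IOCs in log lines.

Added example, not part of the sandbox report. The C2 hosts and file hashes
come from the report above; the IP-lookup hostnames, the log formats and the
sample log lines are constructed assumptions for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass

# From the report's Malware Config: C2 hostnames and the port they use.
C2_HOSTS = {"dasd13d.com": 4035, "dasd13d.xyz": 4035}

# From the report's General section.
SAMPLE_HASHES = {
    "md5": "2085da3926285d53a13b68175bdf2ccb",
    "sha1": "0853c04cd6646e3a33145d240290298a89eb3828",
    "sha256": "cfdcc3ea8f9cd2cf619e755da0d07d1501afaec23bc9f5d2ecc195625172ad86",
}

# Assumption: the report does not name the IP-lookup service the sample used,
# so this is a list of commonly abused public services, not report data.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com",
                   "checkip.amazonaws.com", "ifconfig.me"}

# Assumed log formats: "query=<host>" for DNS, "dst=<host>:<port>" for
# connections, "<alg>=<hex>" for file-hash events.
DNS_RE = re.compile(r"\bquery=(?P<host>[A-Za-z0-9.-]+)")
CONN_RE = re.compile(r"\bdst=(?P<host>[A-Za-z0-9.-]+):(?P<port>\d+)")
HASH_RE = re.compile(r"\b(?P<alg>md5|sha1|sha256)=(?P<val>[0-9a-fA-F]{32,128})")


@dataclass(frozen=True)
class Hit:
    kind: str        # "c2", "ip_lookup" or "hash"
    indicator: str   # the IOC that matched
    line: str        # the raw log line


def domain_matches(host: str, indicator: str) -> bool:
    """True if host is the indicator or a subdomain of it; a plain suffix
    match is rejected so 'notdasd13d.com' does not hit 'dasd13d.com'."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


def match_line(line: str) -> list:
    """Return every IOC hit found in one log line."""
    hits = []
    hosts = []  # (host, port or None) values extracted from the line
    m = DNS_RE.search(line)
    if m:
        hosts.append((m.group("host"), None))
    m = CONN_RE.search(line)
    if m:
        hosts.append((m.group("host"), int(m.group("port"))))
    for host, port in hosts:
        for c2, c2_port in C2_HOSTS.items():
            if domain_matches(host, c2):
                # A DNS query carries no port, so report the configured one;
                # a connection is reported with the port actually seen, so
                # off-port contact with the C2 host stays visible.
                seen = c2_port if port is None else port
                hits.append(Hit("c2", f"{c2}:{seen}", line))
        for svc in IP_LOOKUP_HOSTS:
            if domain_matches(host, svc):
                hits.append(Hit("ip_lookup", svc, line))
    for m in HASH_RE.finditer(line):
        alg, val = m.group("alg").lower(), m.group("val").lower()
        if SAMPLE_HASHES.get(alg) == val:
            hits.append(Hit("hash", f"{alg}:{val}", line))
    return hits


def scan(lines) -> list:
    return [hit for line in lines for hit in match_line(line)]


def summarize(hits) -> dict:
    """Count hits per kind, e.g. {'c2': 2, 'ip_lookup': 1, 'hash': 1}."""
    return dict(Counter(h.kind for h in hits))


# Constructed log lines (not from the report); the dropped-file path is made up.
SAMPLE_LOG = [
    "2022-05-02T10:14:03Z dns client=10.0.0.25 query=dasd13d.com type=A",
    "2022-05-02T10:14:04Z conn src=10.0.0.25:49812 dst=dasd13d.xyz:4035 proto=tcp",
    "2022-05-02T10:14:09Z conn src=10.0.0.25:49813 dst=api.ipify.org:443 proto=tcp",
    "2022-05-02T10:14:10Z dns client=10.0.0.25 query=update.example.com type=A",
    "2022-05-02T10:15:00Z edr host=WS25 path=C:\\Windows\\System32\\dropped.exe "
    "sha256=cfdcc3ea8f9cd2cf619e755da0d07d1501afaec23bc9f5d2ecc195625172ad86",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for hit in found:
        print(f"[{hit.kind}] {hit.indicator}  <-  {hit.line}")
    print(summarize(found))
```

Running the script over the constructed log yields two c2 hits (the DNS query for dasd13d.com and the TCP connection to dasd13d.xyz:4035), one ip_lookup hit and one hash hit; the benign DNS query produces nothing. Hash matching is case-insensitive, and a connection to a C2 host on a port other than 4035 is still reported, with the observed port in the indicator.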