General
Target: c6796f4e5a17fb9ce0e1d33b9d767fbed5a4c43e65e2741af09015cb23932d2b
Size: 129KB
Sample: 220502-cc95ssecdq
MD5: 97df61f72744b694bc0ce16556510b83
SHA1: b6c9484e550f8f4ff3155c5ed8ae4a8e3422018c
SHA256: c6796f4e5a17fb9ce0e1d33b9d767fbed5a4c43e65e2741af09015cb23932d2b
SHA512: 610a3b2b253d7e34c2091250354d9d08b524d8da3836ca75d96af2562551176a9e85fdb02d6ed6aeb417c84b19c1cdea9a4b9644136f3c4ed3bfb554e5f81486
Static task: static1
Behavioral task: behavioral1
Sample: c6796f4e5a17fb9ce0e1d33b9d767fbed5a4c43e65e2741af09015cb23932d2b.exe
Resource: win7-20220414-en
Malware Config
Extracted
systembc
dasd13d.com:4035
dasd13d.xyz:4035
Targets
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-