General

Target: 5e27c0fcfbf3bbabdcac743b1d948f88560cbe30ffb8f45beb062d555fd7c3db
Size: 128KB
Sample: 220502-jle5cabadj
MD5: 8b462afe450df7f333a7da76f731cb62
SHA1: 73e532ebfbd033039575b5457ac7023f920741fe
SHA256: 5e27c0fcfbf3bbabdcac743b1d948f88560cbe30ffb8f45beb062d555fd7c3db
SHA512: 2c4029871f2efa811b4cf17e1b55e273254716c01302de5f1489ec9ecc1342b58de929fac043f4f3b6720c1170c59e549540e626d46087bc687991b98256c3cd
Static task: static1
Behavioral task: behavioral1
Sample: 5e27c0fcfbf3bbabdcac743b1d948f88560cbe30ffb8f45beb062d555fd7c3db.exe
Resource: win7-20220414-en
Malware Config

Extracted: systembc
C2: sdadvert197.com:4044
C2: mexstat128.com:4044
Targets

Target: 5e27c0fcfbf3bbabdcac743b1d948f88560cbe30ffb8f45beb062d555fd7c3db
Size: 128KB
MD5: 8b462afe450df7f333a7da76f731cb62
SHA1: 73e532ebfbd033039575b5457ac7023f920741fe
SHA256: 5e27c0fcfbf3bbabdcac743b1d948f88560cbe30ffb8f45beb062d555fd7c3db
SHA512: 2c4029871f2efa811b4cf17e1b55e273254716c01302de5f1489ec9ecc1342b58de929fac043f4f3b6720c1170c59e549540e626d46087bc687991b98256c3cd
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query (2 alerts)
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.
- Uses Tor communications: the malware can proxy its traffic through Tor for more anonymity.
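Turning the extracted config into something a responder can run: the following is an added example, not part of the sandbox report or of the SystemBC sample itself. It hunts constructed, Zeek-style DNS and connection logs for the two C2 domains and port 4044 listed in the Malware Config, and emits local Suricata DNS rules that mirror the ET alert the sandbox recorded. The log lines, the host and destination IPs, and the rule SIDs are made up for the example; the domains and port come from the report.

```python
"""Hunt constructed DNS and connection logs for the SystemBC C2 indicators
extracted from this sample, and emit local Suricata DNS rules for them.
Added example; not part of the sandbox report."""
from typing import List, Tuple

# Indicators copied from the report's Malware Config section.
C2_DOMAINS = frozenset({"sdadvert197.com", "mexstat128.com"})
C2_PORT = 4044

# Constructed sample logs in a simplified Zeek-like tab-separated layout:
# dns: ts, src, query   conn: ts, src, dst, dst_port
# These lines and addresses are made up for the example, not sandbox output.
DNS_LOG = """\
1651484400.1\t10.0.0.5\tupdate.microsoft.com
1651484401.2\t10.0.0.5\tSDADVERT197.COM.
1651484402.3\t10.0.0.7\tmexstat128.com
1651484403.4\t10.0.0.7\twww.mexstat128.com
1651484404.5\t10.0.0.9\tnotmexstat128.com
"""

CONN_LOG = """\
1651484405.0\t10.0.0.5\t203.0.113.10\t443
1651484406.0\t10.0.0.5\t203.0.113.44\t4044
1651484407.0\t10.0.0.7\t198.51.100.8\t4044
1651484408.0\t10.0.0.9\t198.51.100.9\t80
"""


def normalize_domain(name: str) -> str:
    """Lowercase and strip the trailing dot so 'SDADVERT197.COM.' matches the IOC."""
    return name.strip().lower().rstrip(".")


def is_c2_domain(name: str) -> bool:
    """True for an IOC domain or any subdomain of it.

    A label-boundary check is used so that 'notmexstat128.com' does not match
    while 'www.mexstat128.com' does.
    """
    n = normalize_domain(name)
    return any(n == d or n.endswith("." + d) for d in C2_DOMAINS)


def scan_dns(log: str) -> List[Tuple[str, str, str]]:
    """Return (ts, src, normalized query) for every query to a C2 domain."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, query = line.split("\t")
        if is_c2_domain(query):
            hits.append((ts, src, normalize_domain(query)))
    return hits


def scan_conn(log: str) -> List[Tuple[str, str, str]]:
    """Return (ts, src, dst) for every connection to the C2 port.

    Port alone is a weak indicator; pair it with the DNS hits or the resolved
    addresses of the C2 domains before acting on it.
    """
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split("\t")
        if int(port) == C2_PORT:
            hits.append((ts, src, dst))
    return hits


def suricata_dns_rules(sid_base: int = 1000001) -> List[str]:
    """Emit one local Suricata rule per C2 domain using the dns.query buffer.

    isdataat:!1,relative anchors the match at the end of the query name so
    'mexstat128.com.evil.example' is not matched. SIDs are placeholders.
    """
    rules = []
    for i, d in enumerate(sorted(C2_DOMAINS)):
        rules.append(
            f'alert dns any any -> any any (msg:"LOCAL SystemBC CnC domain {d} '
            f'in DNS query"; dns.query; content:"{d}"; nocase; '
            f'isdataat:!1,relative; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in scan_dns(DNS_LOG):
        print("DNS C2 query:", hit)
    for hit in scan_conn(CONN_LOG):
        print("Port 4044 connection:", hit)
    for rule in suricata_dns_rules():
        print(rule)
```

Run against real Zeek dns.log and conn.log output the field positions must be adjusted to the actual column layout; the matching logic (case folding, trailing-dot stripping, label-boundary subdomain check) is what matters. The generated rules are a local stand-in for the ET signature named in the report and should be tuned to your SID space before deployment.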