General
Target: c3c48782f893bd61e1102c3095b8c3f7ed842e3e6889ee026d581c5dd1637676
Size: 106KB
Sample: 220503-r5t2lsheg3
MD5: 85fc0168e19390f9799ab42bfb1e3879
SHA1: 25c56170f447f87f7fa8f2cf6a94c2916fc98047
SHA256: c3c48782f893bd61e1102c3095b8c3f7ed842e3e6889ee026d581c5dd1637676
SHA512: 852a3dd7cf1734ccd60808a9d60e771bb158a777464dc6cf53392fca098a4be97cf36d04a7955a694b8f4ce19e8232492fb4d56083ac16d7f4cded47dff581c1
Static task: static1
Behavioral task: behavioral1
Sample: c3c48782f893bd61e1102c3095b8c3f7ed842e3e6889ee026d581c5dd1637676.exe
Resource: win7-20220414-en
Malware Config
Extracted family: systembc
- sdadvert197.com:4044
- mexstat128.com:4044
Targets
Target: c3c48782f893bd61e1102c3095b8c3f7ed842e3e6889ee026d581c5dd1637676
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.