General
-
Target
e7f4d680ea1ce138f3d3362a7bb03e1b1e692e4c44328d24d668e5dca24d6d9e
-
Size
217KB
-
Sample
220508-dmxg5adhb9
-
MD5
790578f36d82b60747161ce1c95d320f
-
SHA1
99de20939bb24d34d2274c7e7960a5b610e8e546
-
SHA256
e7f4d680ea1ce138f3d3362a7bb03e1b1e692e4c44328d24d668e5dca24d6d9e
-
SHA512
fc665610b537fd6fa30debaa3e821ca50edcc89e03a120163f0f9160cf5e36d64a4aefe19d6577c1396c78e2cf5327f2f853b06a1b82314e1e9904f1e06be1d7
Static task
static1
Behavioral task
behavioral1
Sample
e7f4d680ea1ce138f3d3362a7bb03e1b1e692e4c44328d24d668e5dca24d6d9e.exe
Resource
win7-20220414-en
Malware Config
Extracted
systembc
asdasd05.com:4035
asdasd05.xyz:4035
Targets
-
-
Target
e7f4d680ea1ce138f3d3362a7bb03e1b1e692e4c44328d24d668e5dca24d6d9e
-
Size
217KB
-
MD5
790578f36d82b60747161ce1c95d320f
-
SHA1
99de20939bb24d34d2274c7e7960a5b610e8e546
-
SHA256
e7f4d680ea1ce138f3d3362a7bb03e1b1e692e4c44328d24d668e5dca24d6d9e
-
SHA512
fc665610b537fd6fa30debaa3e821ca50edcc89e03a120163f0f9160cf5e36d64a4aefe19d6577c1396c78e2cf5327f2f853b06a1b82314e1e9904f1e06be1d7
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-