General
- Target: dc7f6fc4e305c7a6a238061fbb834f468ca4fc0c3cf4c4b33d9b3c86db55c77a
- Size: 84KB
- Sample: 220508-glgxtsgfe2
- MD5: 259988cc4cc6819e0fdcf644a3ad62ee
- SHA1: f0ae6d845f7c8a341ddad6d8059de93d489773de
- SHA256: dc7f6fc4e305c7a6a238061fbb834f468ca4fc0c3cf4c4b33d9b3c86db55c77a
- SHA512: 8e87574ee7c59be26e5532b117251589c0eb8da3eb9f84cd08f8c00539f3678b85ac8858d4e77c55c3caf85d4d2a88fb95ca4896e7281e4e7fea8295eca43b01
Static task: static1
Behavioral task: behavioral1
- Sample: dc7f6fc4e305c7a6a238061fbb834f468ca4fc0c3cf4c4b33d9b3c86db55c77a.exe
- Resource: win7-20220414-en
Malware Config
Extracted: systembc
- sdadvert197.com:4044
- mexstat128.com:4044
Targets
- Target: dc7f6fc4e305c7a6a238061fbb834f468ca4fc0c3cf4c4b33d9b3c86db55c77a
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications: malware can proxy its traffic through Tor for more anonymity.