General
-
Target
dbe74212670f3e8b68dd6107f659c4de2be4dd68aab6f9446956e8f425bb2aab
-
Size
129KB
-
Sample
220508-glht5abfdj
-
MD5
45c62274159056d7565d64faff15929e
-
SHA1
de96ebb4ca03273244dcd44ae140a0db52a7dfa2
-
SHA256
dbe74212670f3e8b68dd6107f659c4de2be4dd68aab6f9446956e8f425bb2aab
-
SHA512
81a2abd0d43463575f0db6885c9809bbdb462442a3675d3c825890d46064ada69a70cf4a6f73c75160565a768eb6eaad7a6f462f77d64e75ec1c70524c9f3b7a
Static task
static1
Behavioral task
behavioral1
Sample
dbe74212670f3e8b68dd6107f659c4de2be4dd68aab6f9446956e8f425bb2aab.exe
Resource
win7-20220414-en
Malware Config
Extracted
systembc
sdadvert197.com:4044
mexstat128.com:4044
Targets
-
-
Target
dbe74212670f3e8b68dd6107f659c4de2be4dd68aab6f9446956e8f425bb2aab
-
Size
129KB
-
MD5
45c62274159056d7565d64faff15929e
-
SHA1
de96ebb4ca03273244dcd44ae140a0db52a7dfa2
-
SHA256
dbe74212670f3e8b68dd6107f659c4de2be4dd68aab6f9446956e8f425bb2aab
-
SHA512
81a2abd0d43463575f0db6885c9809bbdb462442a3675d3c825890d46064ada69a70cf4a6f73c75160565a768eb6eaad7a6f462f77d64e75ec1c70524c9f3b7a
-
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-