General
  Target:  e62582236c24973720e092adec05f8c5.bin
  Size:    97KB
  Sample:  230127-rtwq3abf56
  MD5:     b94116e3f5ae083a9201a8fe8b9d0111
  SHA1:    3b5467b0a77dc49b570fa7925c5a6663ec24b4ad
  SHA256:  91eba91d8b9f359f751e25935401f51ee6f6fb49304263050690d5079475606e
  SHA512:  ef94c173f8696cb9e14146656d3469528219cb33bf104d2da173740567ffe34e529e4337734c3b057cce367b1946070ed13b1bf9f7121bf780e22a40b0240d61
  SSDEEP:  1536:uyIMFVZI0K78Sjw+Sr44n1YuDclhBxEolXHEIlRWMPFqVW1e5uZ6OrnhXrSZrQD:hnXZIF7jI4sUOolXfRRPAl5I6Orh7SZg
Static task
  static1

Behavioral task
  behavioral1
  Sample:    fb45af7bb8ffdcddaaec2a9e88968fbcb82eaedbdf1c16a7e9ac861906a07e23.exe
  Resource:  win7-20221111-en

Malware Config
  Extracted: systembc
  C2:        advertrex20.xyz:4044
  C2:        gentexman37.xyz:4044
Targets
  Target:  fb45af7bb8ffdcddaaec2a9e88968fbcb82eaedbdf1c16a7e9ac861906a07e23.exe
  Size:    156KB
  MD5:     e62582236c24973720e092adec05f8c5
  SHA1:    dc865394a456b89282bf248eeff3509ec0116911
  SHA256:  fb45af7bb8ffdcddaaec2a9e88968fbcb82eaedbdf1c16a7e9ac861906a07e23
  SHA512:  702960c841eec4c16d4b686c1cafe42d1568e3cde1aebca4c2feaef275dc9efd5dea8e6260d4a18f92d63640bd530ccb071de42a6511a7719fbbe7ee2b9bda2a
  SSDEEP:  3072:SXiOd5A7ENBKYEm9/1fUQcl7XcOOILUJC2PsrZLILNNOmr:SXiEA7EfKYE6RU1AnvspsP

Signatures
  Executes dropped EXE
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  Uses Tor communications
    Malware can proxy its traffic through Tor for more anonymity.