General
  Target: 40753d4f4ba5863be3aaaa38cd50995a.exe
  Size:   114KB
  Sample: 230208-xr3z9adh5z
  MD5:    40753d4f4ba5863be3aaaa38cd50995a
  SHA1:   cb58f6a57ecd27e7380e0f38dedb621d7d161e19
  SHA256: 23f66ece38393f81fc1f892c9243cebb6e5412b95629cc07fa83065f5b5a3e02
  SHA512: 7a458e629b22a0d62b9b34df9e04e40eca88ebc8f4067f42f83a0a1d6812cf56635c3d17c48b5ef97ea900c439ab30d32c5307ce6bfee7842b2202e3e1a831ad
  SSDEEP: 1536:hGFLBB4S2zN22dyPPVHbPa3bjCY0X+9hGUhW5jSVM3JdT4AFuxbUS:hGFLBb2o+3CXXE1W520JdMAFuxbU
Static task: static1

Behavioral task: behavioral1
  Sample:   40753d4f4ba5863be3aaaa38cd50995a.exe
  Resource: win7-20221111-en

Malware Config
  Extracted: systembc
    winstationsocks.com:4124
    winstationsocks.xyz:4124
Targets
  Target: 40753d4f4ba5863be3aaaa38cd50995a.exe
  Size:   114KB
  (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

  Signatures
    Executes dropped EXE
    Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    Uses Tor communications
      Malware can proxy its traffic through Tor for more anonymity.