General
Target: 70bdc622d4ecb4da6eb1d3a5f98652ab
Size: 90KB
Sample: 231219-wldyhabgf5
MD5: 70bdc622d4ecb4da6eb1d3a5f98652ab
SHA1: 6be9177289178f1799ca1241a35e94d24089148e
SHA256: f82516c78483b315b21307bcbecd66273dfa1963f3ffa9d2609df6341e00a95e
SHA512: f04a3df175241f72c85c6eb4e447aebb8f8832d09327c9f80a661e318cb265bc7b7a0490575f9c80e3142e493fc95588d7cca4e4c230ce09b93ab535a6e66c39
SSDEEP: 1536:804f1SMHjZ0k/tB1g//I0DuoxbxAHscmbiMKoEYP34B53FgAMKgNqpdcLc:ef1BDZ0kVB67Duw9AMcmbiMEeIb3PFgK
Static task: static1
Behavioral task: behavioral1
  Sample: 70bdc622d4ecb4da6eb1d3a5f98652ab.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 70bdc622d4ecb4da6eb1d3a5f98652ab.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted family: systembc
C2: 80.85.84.79:4001
Targets
Target: 70bdc622d4ecb4da6eb1d3a5f98652ab
Size: 90KB
MD5: 70bdc622d4ecb4da6eb1d3a5f98652ab
SHA1: 6be9177289178f1799ca1241a35e94d24089148e
SHA256: f82516c78483b315b21307bcbecd66273dfa1963f3ffa9d2609df6341e00a95e
SHA512: f04a3df175241f72c85c6eb4e447aebb8f8832d09327c9f80a661e318cb265bc7b7a0490575f9c80e3142e493fc95588d7cca4e4c230ce09b93ab535a6e66c39
SSDEEP: 1536:804f1SMHjZ0k/tB1g//I0DuoxbxAHscmbiMKoEYP34B53FgAMKgNqpdcLc:ef1BDZ0kVB67Duw9AMcmbiMEeIb3PFgK

Signatures
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Drops file in System32 directory
- Suspicious use of SetThreadContext