General
- Target: a95c29de8321dd4dc8b9676ec640e7b3.exe
- Size: 32KB
- Sample: 240409-stvpfaeb2s
- MD5: a95c29de8321dd4dc8b9676ec640e7b3
- SHA1: d9ef0d8e14ddba29ab8e39779e616344440d8f75
- SHA256: 7616efcd937ca8fd237f3afa86aea2294844d00cd1100b75660b4925ad88924b
- SHA512: d6ee8ea621bd1a0de0046773459316eec5a4f04077f90002d48f997e64758cf6fea7d80e4e7337dc95a4827233f0da937fb9228d5a15867043d097ee73da6acf
- SSDEEP: 768:3Ta1PsXQ0yVmQvcs27NOJtyuv09gnoJCvcror:SsXQ0yVN2gV0Gno
Behavioral task: behavioral1
- Sample: a95c29de8321dd4dc8b9676ec640e7b3.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a95c29de8321dd4dc8b9676ec640e7b3.exe
- Resource: win10-20240404-en
Behavioral task: behavioral3
- Sample: a95c29de8321dd4dc8b9676ec640e7b3.exe
- Resource: win10v2004-20240226-en
Malware Config
- Extracted: systembc
- dec15coma.com:4039
- dec15coma.xyz:4039
Targets
- Target: a95c29de8321dd4dc8b9676ec640e7b3.exe
- Size: 32KB
- Executes dropped EXE
- Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications: malware can proxy its traffic through Tor for more anonymity.