General
Target: 90334ecb93afa6abb9d5739738b4b03437b0ee1829253bb3c4b966a1bf9f3882
Size: 87KB
Sample: 240411-kzhm3agc46
MD5: c130eba9ff855403a69ec4adc6ae5db0
SHA1: 71c0f3213e23fc9f1c0c5d14c0095c6b59aa7446
SHA256: 90334ecb93afa6abb9d5739738b4b03437b0ee1829253bb3c4b966a1bf9f3882
SHA512: 35308bf15552b0168488eb0dfcf7fac077f79626d9e684a5bd57004d87d7e06ae5aa0c348d9866ccb6aa2e190d3727b8cde5b744f6c5ac5be4ab1aad452e6586
SSDEEP: 1536:W5EJWKBv3LO18kUP7cnPouPJnVlPSuENQYkPnZzR5g3f:WGBvLOikUP7mvEEnZzR5G
Static task: static1

Behavioral task: behavioral1
Sample: 90334ecb93afa6abb9d5739738b4b03437b0ee1829253bb3c4b966a1bf9f3882.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 90334ecb93afa6abb9d5739738b4b03437b0ee1829253bb3c4b966a1bf9f3882.exe
Resource: win10-20240404-en

Behavioral task: behavioral3
Sample: 90334ecb93afa6abb9d5739738b4b03437b0ee1829253bb3c4b966a1bf9f3882.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
systembc
asdasd08.com:4039
asdasd08.xyz:4039
Targets
Contacts a large (820) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Executes dropped EXE

Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.