General
-
Target
5d366decba2f9078f457cb35fe7bfd198760683a709f0d33745fc6e0ba59ac8a
-
Size
222KB
-
Sample
240414-rwqmtshc47
-
MD5
72cfa33b978294103889481feca472f2
-
SHA1
0615eb31fd67345b9fa0d57d12a3bcb363152abe
-
SHA256
5d366decba2f9078f457cb35fe7bfd198760683a709f0d33745fc6e0ba59ac8a
-
SHA512
d1de5fee23b7a858ec62b849cd8a41cf896ab8b6df4836c65ba36942c1d1727b36832d45713a578c93e8a0b8650bf55923568637d91bb9b2196257a2ae015559
-
SSDEEP
3072:m04yjyyUD1HncBNyBNp5oEug4OkyJAQF1G8Xrrw+cC+lJDJEQkjvuMM:SR1HUUPCEZ4OkyJ9rrw+cZTuZSMM
Static task
static1
Behavioral task
behavioral1
Sample
5d366decba2f9078f457cb35fe7bfd198760683a709f0d33745fc6e0ba59ac8a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5d366decba2f9078f457cb35fe7bfd198760683a709f0d33745fc6e0ba59ac8a.exe
Resource
win10-20240319-en
Behavioral task
behavioral3
Sample
5d366decba2f9078f457cb35fe7bfd198760683a709f0d33745fc6e0ba59ac8a.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
systembc
fanstat18.club:4044
dexblog90.club:4044
Targets
-
-
Target
5d366decba2f9078f457cb35fe7bfd198760683a709f0d33745fc6e0ba59ac8a
-
Size
222KB
-
MD5
72cfa33b978294103889481feca472f2
-
SHA1
0615eb31fd67345b9fa0d57d12a3bcb363152abe
-
SHA256
5d366decba2f9078f457cb35fe7bfd198760683a709f0d33745fc6e0ba59ac8a
-
SHA512
d1de5fee23b7a858ec62b849cd8a41cf896ab8b6df4836c65ba36942c1d1727b36832d45713a578c93e8a0b8650bf55923568637d91bb9b2196257a2ae015559
-
SSDEEP
3072:m04yjyyUD1HncBNyBNp5oEug4OkyJAQF1G8Xrrw+cC+lJDJEQkjvuMM:SR1HUUPCEZ4OkyJ9rrw+cZTuZSMM
-
Contacts a large (641) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-