https://www.hybrid-analysis.com/sample/c41c028d807d241027ce0c62e317f46cd68426c5ce1a3204bfc20a8b05ccd47f/5d10ca27038838004c83abab
Code:
Found potential URL in binary/memory
Heuristic match: "iplogger.org"
Heuristic match: "pastebin.com"
Pattern match: "https://iplogger.org/templates/new/i/200x200.png"
Pattern match: "https://maper.info/XuBf3"
Pattern match: "https://iplogger.org/rules/"
Heuristic match: "GET /raw/diuCKBNL HTTP/1.1
Host: pastebin.com"
source: String
relevance: 10/10
It also seems to contact a US server and a DE (German) server. I will try to do some more in-depth analysis on the EXE when I have some more time later.
Bob is correct: the best thing to do is to wipe the drive.
You can look at something like DBAN ( https://dban.org/ ).
This will allow you to securely wipe the HD and make sure there is nothing left on the system.
Another thing you should possibly check is your BIOS; make sure nothing has been modified in the BIOS, but from looking at this malware I don't think it's packed with a rootkit or bootkit.
Code:
Domain          Address         Registrar                     Country
iplogger.org    88.99.66.31     Regtime Ltd. (TTL: 1487)      Germany
                                Name Server: NS1.FASTVPS.RU
                                Creation Date: Sun, 03 Apr 2011 15:52:04 GMT
pastebin.com    104.20.209.21   ENOM, INC. (TTL: 233)         United States
                                Organization: WHOISGUARD, INC.
                                Name Server: SUE.NS.CLOUDFLARE.COM
                                Creation Date: Tue, 03 Sep 2002 00:00:00 GMT

Contacted Hosts
IP Address      Port/Protocol   Associated Process            Details
88.99.66.31     443/TCP         ema20cross20bybit20v1.exe     PID: 2920, Germany
104.20.209.21   443/TCP         ema20cross20bybit20v1.exe     PID: 2920, United States

Contacted Countries: Germany, United States
Attack surface processing. Seems to hook.
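As an added example (not the poster's code and not hybrid-analysis output), the following Python script does the same kind of string-level indicator extraction that the "Found potential URL in binary/memory" section above summarizes: it pulls printable runs out of a binary like `strings` does, picks out URLs and raw HTTP request lines with their `Host:` header, and flags domains that appear on a small watchlist. The sample bytes embed the indicator strings from the report and are constructed here, not taken from the real EXE; the watchlist, the minimum string length and the `extract_indicators` function name are assumptions made for this example.

```python
import re
import sys
from typing import Dict, List

# Constructed sample: a fake PE-like blob carrying the indicator strings from the
# hybrid-analysis report, separated by NULs and junk bytes. Not the actual EXE.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16
    + b"https://iplogger.org/templates/new/i/200x200.png\x00"
    + b"\xde\xad\xbe\xef" * 4
    + b"https://maper.info/XuBf3\x00"
    + b"GET /raw/diuCKBNL HTTP/1.1\r\nHost: pastebin.com\r\n\r\n\x00"
    + b"https://iplogger.org/rules/\x00"
    + b"\x00" * 8
)

# Assumed values for the example: minimum printable run to treat as a string,
# and a watchlist of domains commonly used as dead drops / trackers.
MIN_STRING_LEN = 6
WATCHLIST = {"iplogger.org", "pastebin.com"}

URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?:/[^\s\"'<>]*)?")
# Raw HTTP/1.x request line followed by its Host header (what a hard-coded
# request buffer inside a binary looks like).
REQ_RE = re.compile(r"(GET|POST)\s+(/\S*)\s+HTTP/1\.[01]\r?\nHost:\s*([A-Za-z0-9.\-]+)")


def extract_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> List[str]:
    """Return printable ASCII runs of at least min_len bytes.

    CR/LF are allowed inside a run so that a multi-line HTTP request embedded in
    the binary comes out as one string instead of being split at the newline.
    """
    runs = re.findall(rb"[\x20-\x7e\r\n]{%d,}" % min_len, data)
    return [r.decode("ascii") for r in runs]


def extract_indicators(data: bytes) -> Dict[str, List[str]]:
    """Extract URLs, raw HTTP requests, contacted domains and watchlist hits."""
    urls: List[str] = []
    requests: List[str] = []
    for s in extract_strings(data):
        urls += URL_RE.findall(s)
        # Rebuild "host/path" from the request line + Host header; the scheme is
        # not recoverable from the string alone, so it is deliberately left out.
        requests += [f"{host}{path}" for _method, path, host in REQ_RE.findall(s)]

    url_domains = {re.sub(r"^https?://", "", u).split("/")[0] for u in urls}
    req_domains = {r.split("/")[0] for r in requests}
    domains = sorted(url_domains | req_domains)
    return {
        "urls": sorted(set(urls)),
        "http_requests": sorted(set(requests)),
        "domains": domains,
        "watchlist_hits": [d for d in domains if d in WATCHLIST],
    }


if __name__ == "__main__":
    # Optionally pass a real file on the command line; otherwise use the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BINARY
    for key, values in extract_indicators(blob).items():
        print(f"{key}:")
        for v in values:
            print(f"  {v}")
```

Running it on the constructed sample yields the three URLs, the reconstructed `pastebin.com/raw/diuCKBNL` request and both watchlisted domains; on a real sample, treat the output as leads to confirm against the sandbox's network log (the Contacted Hosts table above), since a string in the binary is not proof it was ever contacted.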