General
Target: 71565b09d9feb1304164466fffd4f8392ed26c7c19949aec0c455cd0af906cc9
Size: 256KB
Sample: 220122-z399tadbe9
MD5: cce00531ac8f21e44c5276fde6cd3c5e
SHA1: fe87282ff1293ee2e6d0b411b87229d4190eb59f
SHA256: 71565b09d9feb1304164466fffd4f8392ed26c7c19949aec0c455cd0af906cc9
SHA512: 599362d241797806c21eb61a0537f3d00a64b2dc0f6fceb2c66146f496707d5863b70b8816a76e4c25a58abfc39d1a40a409374f3c31ebb39aef42d445675db1
Static task: static1
Behavioral task: behavioral1
Sample: 71565b09d9feb1304164466fffd4f8392ed26c7c19949aec0c455cd0af906cc9.exe
Resource: win10-en-20211208
Malware Config
Extracted family: tofsee
Extracted domains: patmushta.info, ovicrush.cn
Targets
Target: 71565b09d9feb1304164466fffd4f8392ed26c7c19949aec0c455cd0af906cc9
Score: 10/10
Signatures:
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
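The indicators this report yields are the three file hashes and the two domains in the extracted Tofsee config. The script below, added here as an example and not part of the sandbox report or its tooling, turns them into a hunting check: it hashes a file against the listed MD5/SHA1/SHA256 and matches DNS query names against the extracted domains, including subdomains, while rejecting look-alikes such as notpatmushta.info. The DNS log format and the log lines are constructed for the example; adjust the regex to your resolver's real format.

```python
"""Hunt for this report's IOCs in local artifacts (added example, not report code)."""
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_MD5 = "cce00531ac8f21e44c5276fde6cd3c5e"
SAMPLE_SHA1 = "fe87282ff1293ee2e6d0b411b87229d4190eb59f"
SAMPLE_SHA256 = "71565b09d9feb1304164466fffd4f8392ed26c7c19949aec0c455cd0af906cc9"
EXTRACTED_DOMAINS = {"patmushta.info", "ovicrush.cn"}


def domain_matches(qname: str) -> bool:
    """True if qname is an extracted domain or a subdomain of one.

    Label-aware comparison: 'mail.ovicrush.cn' matches, 'notpatmushta.info'
    and 'ovicrush.cn.attacker.example' do not. Trailing dots and case are
    normalised because resolver logs differ in both.
    """
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in EXTRACTED_DOMAINS)


# Assumed log shape (constructed for this example): "<timestamp> <client-ip> <qname> <qtype>"
DNS_LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def scan_dns_log(lines):
    """Return (timestamp, client, normalised qname) for every query that hits
    an extracted domain; lines that do not fit the assumed shape are skipped."""
    hits = []
    for line in lines:
        m = DNS_LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, qname, _qtype = m.groups()
        if domain_matches(qname):
            hits.append((ts, client, qname.lower().rstrip(".")))
    return hits


def hash_matches(data: bytes) -> dict:
    """Hash file contents with the three algorithms the report lists and
    report which of them match the sample."""
    return {
        "md5": hashlib.md5(data).hexdigest() == SAMPLE_MD5,
        "sha1": hashlib.sha1(data).hexdigest() == SAMPLE_SHA1,
        "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_SHA256,
    }


def is_sample(data: bytes) -> bool:
    """A single strong-hash match identifies the file; checking all three
    also lets you spot a report whose hashes were copied inconsistently."""
    return any(hash_matches(data).values())


# Constructed resolver log: two hits, one look-alike, one unrelated, one malformed line.
CONSTRUCTED_DNS_LOG = [
    "2022-01-22T10:14:03Z 10.0.0.25 www.example.com A",
    "2022-01-22T10:14:07Z 10.0.0.25 patmushta.info A",
    "2022-01-22T10:14:09Z 10.0.0.31 mail.ovicrush.cn. MX",
    "2022-01-22T10:14:11Z 10.0.0.31 notpatmushta.info A",
    "malformed line",
]

if __name__ == "__main__":
    for ts, client, qname in scan_dns_log(CONSTRUCTED_DNS_LOG):
        print(f"{ts} {client} queried extracted domain {qname}")
    # Hash whatever you suspect; the string here is a stand-in, not the sample.
    print("matches sample:", is_sample(b"not the sample"))
```

Run it against your resolver export by replacing CONSTRUCTED_DNS_LOG with the real lines (and the regex with the real layout), and feed is_sample() the bytes of any 256KB executable that turned up alongside a newly created service or a dropped System32 file.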