General
Target: 27a14e1653fb0b415ab18bd220930344f8423b18e5c1e6587b142d595035aa4c
Size: 281KB
Sample: 220124-nxnyvaefak
MD5: 85bfad50ecc780909d8add6568fb4fef
SHA1: 5eaed9d25a9aeb34350bde97a8da7458ed2bcdc4
SHA256: 27a14e1653fb0b415ab18bd220930344f8423b18e5c1e6587b142d595035aa4c
SHA512: f1186997d0af98e0cca86642f9d8cbf59f2e982a0b7f5e017f2cec654dd400abd85f21321fbc46c932bdb7f480f64745bf09b119b8459adec7ac5dfad9825b82

Static task: static1
Behavioral task: behavioral1
Sample: 27a14e1653fb0b415ab18bd220930344f8423b18e5c1e6587b142d595035aa4c.exe
Resource: win10-en-20211208

Malware Config
Extracted: tofsee
patmushta.info
ovicrush.cn
Targets
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext