General
Target: 001afb278f354720629246d4d34cb09bd21fa38105f5bc8b3b5323192bb4e64f
Size: 282KB
Sample: 220124-w8pzaahbhl
MD5: 18c9966d638879f5aa95b437b8322001
SHA1: 5364a8da1d0a4caa2dac204a325a24c1e84196f3
SHA256: 001afb278f354720629246d4d34cb09bd21fa38105f5bc8b3b5323192bb4e64f
SHA512: 6cfb7851cc2a1b2fc2cc179c9db9fc045d251e3b85f6786fe08b87ae5238d9c93b162083bdfd09ab56a811808b3b201c04eedead8e2410d09baac41445812646
Static task: static1
Behavioral task: behavioral1
Sample: 001afb278f354720629246d4d34cb09bd21fa38105f5bc8b3b5323192bb4e64f.exe
Resource: win10v2004-en-20220112
Malware Config
Extracted
tofsee
patmushta.info
ovicrush.cn
Targets
Target: 001afb278f354720629246d4d34cb09bd21fa38105f5bc8b3b5323192bb4e64f (same file as in General above)
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext