General
Target: 101512df3ce4c79c8f763e779e8d0cf1bfe31089b7107eb384280c3f6adc40b7
Size: 137KB
Sample: 220604-qtwwdsdegm
MD5: d621a78cf6343c38fa7356b7a2846ddd
SHA1: 8037750152302eeffddab9e0efe93967bbafd582
SHA256: 101512df3ce4c79c8f763e779e8d0cf1bfe31089b7107eb384280c3f6adc40b7
SHA512: 6c3144dc20bc6048456bb6330b93df1566d969971334259e393c15e38c1f282e24f982ea28400b53283a6b538d4a7fcbe6283cad0fe24b8f45cd26bdc4c70ef4
Static task: static1
Behavioral task: behavioral1
  Sample: 101512df3ce4c79c8f763e779e8d0cf1bfe31089b7107eb384280c3f6adc40b7.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 101512df3ce4c79c8f763e779e8d0cf1bfe31089b7107eb384280c3f6adc40b7.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: tofsee
  43.231.4.7
  lazystax.ru
Targets
Target: 101512df3ce4c79c8f763e779e8d0cf1bfe31089b7107eb384280c3f6adc40b7
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext