General
- Target: 0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8
- Size: 98KB
- Sample: 220604-tlylsseda9
- MD5: b34b1258a1e5b89d9fbdd9aac4c47bec
- SHA1: 8f1550ed6e666752230cf637c71743512a6dda45
- SHA256: 0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8
- SHA512: 1bb74f49b3e37f60afc80c607460e451e143856a0a7212ef3136dc34ecb3969e27370b7fc5266ff73fd8eab62b5155d96a8288fb247f6104a1a911130dc306d5
Static task: static1
Behavioral task: behavioral1
- Sample: 0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted (family: tofsee)
- 43.231.4.7
- lazystax.ru
Targets
Target: 0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8
- Size: 98KB
- MD5: b34b1258a1e5b89d9fbdd9aac4c47bec
- SHA1: 8f1550ed6e666752230cf637c71743512a6dda45
- SHA256: 0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8
- SHA512: 1bb74f49b3e37f60afc80c607460e451e143856a0a7212ef3136dc34ecb3969e27370b7fc5266ff73fd8eab62b5155d96a8288fb247f6104a1a911130dc306d5
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Suspicious use of SetThreadContext
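The extracted config and the behavioural signatures above are the parts of this report a detection engineer would turn into host telemetry matches. The following is an added example, not output of the sandbox and not code from the report: it maps the extracted indicators (43.231.4.7 and lazystax.ru, treated here as C2 hosts, which is an assumption about what the Tofsee extractor reports) and the observable signatures onto Sysmon-style events. The Sysmon event IDs and field names (EventID, Image, CommandLine, TargetObject, TargetFilename, DestinationIp, QueryName) are the real ones; the JSON-lines log, every file path in it, the dropped file `svcdrop.exe` and the service name `svcdrop` are constructed and hypothetical. Treating a value-set on a service's `ImagePath` as evidence for both "Creates new service(s)" and "Sets service image path in registry" is this example's own mapping.

```python
"""Match this report's Tofsee indicators and behavioural signatures against
Sysmon-style events.

Added example, not part of the sandbox report. SAMPLE_LOG is constructed to
resemble Sysmon JSON output; all paths, 'svcdrop.exe' and the 'svcdrop'
service are hypothetical."""
import json
import re

# Values from the extracted Tofsee config (assumed to be C2 hosts).
C2_IPS = {"43.231.4.7"}
C2_DOMAINS = {"lazystax.ru"}

# Sysmon event IDs used below.
EID_PROCESS_CREATE = 1
EID_NETWORK_CONNECT = 3
EID_FILE_CREATE = 11
EID_REGISTRY_SET = 13
EID_DNS_QUERY = 22
EID_FILE_DELETE = 23

# Value-set on <service>\ImagePath under any control set: a service being
# created or re-pointed at a binary.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)
# netsh invocations in the legacy 'firewall' or the 'advfirewall' context.
NETSH_FIREWALL = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.IGNORECASE)

# Hypothetical location the sandbox ran the sample from.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8.exe"

# Constructed Sysmon-like log (one JSON object per line), in time order.
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8.exe", "CommandLine": "C:\\Users\\Admin\\AppData\\Local\\Temp\\0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8.exe"}
{"EventID": 11, "Image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8.exe", "TargetFilename": "C:\\Windows\\Temp\\svcdrop.exe"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\services.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\svcdrop\\ImagePath", "Details": "C:\\Windows\\Temp\\svcdrop.exe"}
{"EventID": 1, "Image": "C:\\Windows\\Temp\\svcdrop.exe", "CommandLine": "C:\\Windows\\Temp\\svcdrop.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\netsh.exe", "CommandLine": "netsh advfirewall firewall add rule name=svcdrop dir=in action=allow program=C:\\Windows\\Temp\\svcdrop.exe"}
{"EventID": 22, "Image": "C:\\Windows\\Temp\\svcdrop.exe", "QueryName": "lazystax.ru"}
{"EventID": 3, "Image": "C:\\Windows\\Temp\\svcdrop.exe", "DestinationIp": "43.231.4.7"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd /c del C:\\Users\\Admin\\AppData\\Local\\Temp\\0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8.exe"}
{"EventID": 23, "Image": "C:\\Windows\\System32\\cmd.exe", "TargetFilename": "C:\\Users\\Admin\\AppData\\Local\\Temp\\0f46fce8d6203de3ea82a70f7abddfbf95850f7b1356ac967e05d955aa1566d8.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\netsh.exe", "CommandLine": "netsh interface show interface"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\services.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\svcdrop\\DisplayName", "Details": "svcdrop"}
"""


def parse_jsonl(text):
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _norm(path):
    """Case-fold a Windows path for comparison (None becomes '')."""
    return (path or "").lower()


def detect(events, sample_path):
    """Return the set of report signatures the events support.

    sample_path is where the sandbox ran the sample from; it is needed to
    tell self-deletion and execution of a dropped EXE apart from ordinary
    file activity. Events must be in chronological order, because a file
    only counts as 'dropped' after the sample is seen writing it."""
    sample = _norm(sample_path)
    dropped = set()  # normalised paths of .exe files written by the sample
    hits = set()
    for e in events:
        eid = e.get("EventID")
        image = _norm(e.get("Image"))
        if eid == EID_PROCESS_CREATE:
            if image in dropped:
                hits.add("Executes dropped EXE")
            if NETSH_FIREWALL.search(e.get("CommandLine", "")):
                hits.add("Modifies Windows Firewall")
        elif eid == EID_NETWORK_CONNECT and e.get("DestinationIp") in C2_IPS:
            hits.add("Connects to Tofsee C2 IP")
        elif eid == EID_FILE_CREATE:
            target = _norm(e.get("TargetFilename"))
            if image == sample and target.endswith(".exe"):
                dropped.add(target)
        elif eid == EID_REGISTRY_SET and SERVICE_IMAGEPATH.match(e.get("TargetObject", "")):
            hits.add("Sets service image path in registry")
        elif eid == EID_DNS_QUERY:
            if e.get("QueryName", "").lower().rstrip(".") in C2_DOMAINS:
                hits.add("Resolves Tofsee C2 domain")
        elif eid == EID_FILE_DELETE and _norm(e.get("TargetFilename")) == sample:
            hits.add("Deletes itself")
    return hits


if __name__ == "__main__":
    for sig in sorted(detect(parse_jsonl(SAMPLE_LOG), SAMPLE_PATH)):
        print(sig)
```

Two of the report's signatures are deliberately absent from this mapping: "Checks computer location settings" is a registry read, and "Suspicious use of SetThreadContext" is an API call, neither of which Sysmon records (it logs registry value sets, not queries, and has no thread-context event), so confirming them outside a sandbox needs API-monitor or EDR telemetry. The self-deletion check keys on the deleted file matching the sample path rather than on the deleting process, since the delete is typically issued by a child `cmd.exe` after the sample exits.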