General
Target: 52a0608d226a649ccb30988a282089b8fd97e3542dce93bfcac50846f2e318fc
Size: 10.6MB
Sample: 220605-dgd4labhfn
MD5: c17c2659957ae4094d32ae28df21361d
SHA1: 0e51169e7914e136270f9af8b0a6afa62f81a7b1
SHA256: 52a0608d226a649ccb30988a282089b8fd97e3542dce93bfcac50846f2e318fc
SHA512: 1af79bfb17b659287108f772e14ea2444301ba3e7f069c72d3bd97b3940c445d03ed0ef49e7d13f52c159dc22e6802543363c3facb7b76e469e77a2214653271
Static task: static1
Behavioral task: behavioral1
Sample: 52a0608d226a649ccb30988a282089b8fd97e3542dce93bfcac50846f2e318fc.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 52a0608d226a649ccb30988a282089b8fd97e3542dce93bfcac50846f2e318fc.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: tofsee
43.231.4.7
lazystax.ru
Targets
Target: 52a0608d226a649ccb30988a282089b8fd97e3542dce93bfcac50846f2e318fc (10.6MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Suspicious use of SetThreadContext
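The following is an added hunting script, not code from the sandbox or from this report. It takes the hashes and the two network indicators from the extracted tofsee config above and the behaviour signatures from the Targets list, and checks a stream of host telemetry for them. The "EventType|ImagePath|Target" line format, the sample events, and the exact registry paths matched for "Sets service image path in registry" and "Checks computer location settings" are assumptions made for illustration; only four of the seven signatures are modelled.

```python
"""Hunt for this sample's indicators in host telemetry.

Added example for this report, not code from the sandbox or the report.
The hashes and the two network indicators come from the report; the
event-line format, the sample events, and the registry paths matched for the
'Sets service image path in registry' and 'Checks computer location settings'
behaviours are assumptions made for illustration.
"""
import hashlib
import re

# Hashes published in the report for the 10.6MB sample.
REPORT_HASHES = {
    "md5": "c17c2659957ae4094d32ae28df21361d",
    "sha1": "0e51169e7914e136270f9af8b0a6afa62f81a7b1",
    "sha256": "52a0608d226a649ccb30988a282089b8fd97e3542dce93bfcac50846f2e318fc",
}

# Network indicators from the extracted tofsee config.
C2_IPS = {"43.231.4.7"}
C2_DOMAINS = {"lazystax.ru"}

# Behaviour rules: (signature name from the report, regex over one event line).
# Assumed event line format: "EventType|ImagePath|Target".  The registry paths
# are assumptions about what each signature looks at.
BEHAVIOUR_RULES = [
    ("Creates new service(s)",
     re.compile(r"^CreateService\|")),
    ("Sets service image path in registry",
     re.compile(r"^RegSetValue\|.*\|HKLM\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)),
    ("Checks computer location settings",
     re.compile(r"^RegQueryValue\|.*\|HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Modifies Windows Firewall",
     re.compile(r"^ProcessCreate\|.*\|netsh(\.exe)? advfirewall ", re.I)),
]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every hash in the report agrees with the bytes in hand."""
    return hash_bytes(data) == REPORT_HASHES


def hunt(event_lines):
    """Scan telemetry lines; return the report signatures and C2 indicators seen."""
    hits = {"behaviours": set(), "c2": set()}
    for line in event_lines:
        line = line.strip()
        if not line:
            continue
        for name, rule in BEHAVIOUR_RULES:
            if rule.search(line):
                hits["behaviours"].add(name)
        # Network events carry the destination as the last field; strip any port.
        if line.startswith(("DnsQuery|", "Connect|")):
            host = line.rsplit("|", 1)[-1].split(":")[0].lower()
            if host in C2_IPS or host in C2_DOMAINS:
                hits["c2"].add(host)
    return hits


# Constructed telemetry, not output from the sandbox run.  Mirrors the sequence
# a Tofsee-style install might produce: service install, locale check, firewall
# rule, then contact with the config's endpoints.  Last line is benign noise.
SAMPLE_EVENTS = r"""
CreateService|C:\Users\user\sample.exe|svc_backup
RegSetValue|C:\Users\user\sample.exe|HKLM\SYSTEM\CurrentControlSet\Services\svc_backup\ImagePath
RegQueryValue|C:\Windows\svc.exe|HKCU\Control Panel\International\Geo\Nation
ProcessCreate|C:\Windows\svc.exe|netsh.exe advfirewall firewall add rule name=svc dir=in action=allow
DnsQuery|C:\Windows\svc.exe|lazystax.ru
Connect|C:\Windows\svc.exe|43.231.4.7:443
RegQueryValue|C:\Windows\explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
""".strip().splitlines()


if __name__ == "__main__":
    result = hunt(SAMPLE_EVENTS)
    for name in sorted(result["behaviours"]):
        print("behaviour:", name)
    for host in sorted(result["c2"]):
        print("c2 contact:", host)
    print("hash check on empty input:", matches_report(b""))
```

Feed `hunt()` real EDR or Sysmon exports after mapping them to the assumed three-field format; `matches_report()` is the check to run on any binary recovered from a host before treating it as this exact sample, since only a full hash match ties it to the report.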