General
Target: c5af074d1dc7563538561414790ce838b29a04f80c877a0d3e235b83a2130d16
Size: 13.7MB
Sample: 220606-dyxx2adhb3
MD5: 5408cff5586901cfb35b5ed13505c161
SHA1: e929d7dc906bdc0eb20c4009b085443bc7af996f
SHA256: c5af074d1dc7563538561414790ce838b29a04f80c877a0d3e235b83a2130d16
SHA512: f1f6bde7b47b13da6ede09ae7e25e1ac5444880cea3ed2bbad2a806ae7e80393998670febb7bbc0bd0221a3a9ce741b2a39ad7199ad561061e0545ae0966558c
Static task: static1
Behavioral task: behavioral1
- Sample: c5af074d1dc7563538561414790ce838b29a04f80c877a0d3e235b83a2130d16.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: c5af074d1dc7563538561414790ce838b29a04f80c877a0d3e235b83a2130d16.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: tofsee
- 43.231.4.7
- lazystax.ru
Targets
Target: c5af074d1dc7563538561414790ce838b29a04f80c877a0d3e235b83a2130d16
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext