General
Target: 1aa5697f96a51fd5c776b394adbc732ab28b5b3228077dc11608b2a131cb5bfb
Size: 328KB
Sample: 220607-2aqe2sahhm
MD5: 1a848d9da35b7e5d8faa66c836e94861
SHA1: f161a407f9e3fecf8d1739cc841f2376db566c5d
SHA256: 1aa5697f96a51fd5c776b394adbc732ab28b5b3228077dc11608b2a131cb5bfb
SHA512: f1cef77fc5781c9e4ce15d5e2ffce9f658446f8bbab98a107e994fa701b73f5616b4d710cc1e33362d5b46f907c6efa4bc56c7d34f9105c80336b14e34b323d5
Static task: static1
Behavioral task: behavioral1
  Sample: 1aa5697f96a51fd5c776b394adbc732ab28b5b3228077dc11608b2a131cb5bfb.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 1aa5697f96a51fd5c776b394adbc732ab28b5b3228077dc11608b2a131cb5bfb.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted family: tofsee
Extracted addresses:
- 103.232.222.57
- 111.121.193.242
- 123.249.0.22
Targets
Target: 1aa5697f96a51fd5c776b394adbc732ab28b5b3228077dc11608b2a131cb5bfb
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext