General
Target: 1b66f5287e70ab31b12e42bfad9d69ca94e4e8025cc4c3ece1d254be0bf787e9
Size: 139KB
Sample: 220607-xhf45adahj
MD5: fb7d171df11ed3ea9adb990ccf967208
SHA1: d3c44eceea18a017840136bb48d1c4147a41f83c
SHA256: 1b66f5287e70ab31b12e42bfad9d69ca94e4e8025cc4c3ece1d254be0bf787e9
SHA512: bd28b24e596ff7438cad0836b256826842be84c14387ca970d78de984bafe0e58e9b57b883e9369629afcf797bcb88b968a7abb3f2b7b19d47b2f4790c23af55
Static task: static1

Behavioral task: behavioral1
Sample: 1b66f5287e70ab31b12e42bfad9d69ca94e4e8025cc4c3ece1d254be0bf787e9.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 1b66f5287e70ab31b12e42bfad9d69ca94e4e8025cc4c3ece1d254be0bf787e9.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted family: tofsee
Extracted hosts: 43.231.4.7, lazystax.ru
Targets
Target: 1b66f5287e70ab31b12e42bfad9d69ca94e4e8025cc4c3ece1d254be0bf787e9 (hashes as listed under General)
Score: 10/10

Signatures
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Suspicious use of SetThreadContext (commonly associated with process hollowing or thread hijacking)
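The behaviours and indicators above can be turned into a hunting pass over endpoint telemetry. The following is an added example, not part of the sandbox report: it takes the hashes and the two extracted hosts from this report and runs a handful of detection rules over constructed Sysmon-style events (process creation 1, network connection 3, registry value set 13, DNS query 22, file delete 23). The rule names are my own labels for the report's signatures; the netsh-based firewall heuristic and the "process deletes its own image" heuristic are assumptions about how those signatures usually manifest, since the report does not say which mechanism it observed, and the service name, paths and record IDs in the sample events are constructed. The geofence lookup is not covered because Sysmon records registry writes, not reads.

```python
"""Hunt Sysmon-style events for the Tofsee indicators and behaviours in this report."""
import re

# Indicators taken from the report above.
IOC_SHA256 = "1b66f5287e70ab31b12e42bfad9d69ca94e4e8025cc4c3ece1d254be0bf787e9"
IOC_MD5 = "fb7d171df11ed3ea9adb990ccf967208"
C2_IP = "43.231.4.7"
C2_DOMAIN = "lazystax.ru"

# "Sets service image path in registry": any ImagePath value under the Services key.
SERVICE_IMAGEPATH_RE = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I
)


def parse_hashes(field):
    """Parse Sysmon's 'MD5=...,SHA256=...' Hashes field into {ALGO: lowercase_hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def classify(event):
    """Return the list of rule names this single event triggers (empty if none)."""
    eid = event.get("EventID")
    hits = []
    if eid == 1:  # process creation
        hashes = parse_hashes(event.get("Hashes", ""))
        if hashes.get("SHA256") == IOC_SHA256 or hashes.get("MD5") == IOC_MD5:
            hits.append("known_sample_executed")
        image = event.get("Image", "").lower()
        cmd = event.get("CommandLine", "").lower()
        # Assumption: "Modifies Windows Firewall" surfaced as a netsh firewall command.
        if image.endswith("\\netsh.exe") and "firewall" in cmd:
            hits.append("firewall_modified_via_netsh")
    elif eid == 13:  # registry value set
        if SERVICE_IMAGEPATH_RE.match(event.get("TargetObject", "")):
            hits.append("service_imagepath_set")
    elif eid == 3:  # network connection
        if event.get("DestinationIp") == C2_IP:
            hits.append("c2_ip_connection")
    elif eid == 22:  # DNS query
        if event.get("QueryName", "").lower().rstrip(".") == C2_DOMAIN:
            hits.append("c2_domain_lookup")
    elif eid == 23:  # file delete
        image = event.get("Image", "").lower()
        # Assumption: "Deletes itself" shows as a process deleting its own image file.
        if image and image == event.get("TargetFilename", "").lower():
            hits.append("self_delete")
    return hits


def hunt(events):
    """Run every rule over every event; return (RecordId, rule) pairs in event order."""
    return [(e["RecordId"], hit) for e in events for hit in classify(e)]


# Constructed sample telemetry (not from the report); paths and service name are made up.
SAMPLE_PATH = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + IOC_SHA256 + ".exe"
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 1, "Image": SAMPLE_PATH, "CommandLine": SAMPLE_PATH,
     "Hashes": "MD5=" + IOC_MD5.upper() + ",SHA256=" + IOC_SHA256.upper()},
    {"RecordId": 2, "EventID": 13,
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\exampleSvc\\ImagePath",
     "Details": "C:\\Windows\\example.exe"},
    {"RecordId": 3, "EventID": 1, "Image": "C:\\Windows\\System32\\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="example" dir=in action=allow',
     "Hashes": "SHA256=" + "0" * 64},
    {"RecordId": 4, "EventID": 22, "QueryName": "lazystax.ru"},
    {"RecordId": 5, "EventID": 3, "DestinationIp": C2_IP, "DestinationPort": 443},
    {"RecordId": 6, "EventID": 23, "Image": SAMPLE_PATH, "TargetFilename": SAMPLE_PATH},
    {"RecordId": 7, "EventID": 3, "DestinationIp": "8.8.8.8", "DestinationPort": 53},  # benign
    {"RecordId": 8, "EventID": 13,
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\example"},
]

if __name__ == "__main__":
    for record_id, rule in hunt(SAMPLE_EVENTS):
        print(f"record {record_id}: {rule}")
```

Hash and host matches are exact indicators for this one sample; the registry, netsh and self-delete rules are behavioural and will also fire on legitimate installers and administrators, so treat them as triage signals to correlate with the exact indicators rather than as stand-alone alerts.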