General
Target: 19cd7ad7229f202403df4755e341f3b8856150a773217ea70fe7c8be52ad8fcf
Size: 142KB
Sample: 220608-f1zwhsegh6
MD5: 70780b64e4a6d98605af8971d4c087ea
SHA1: 862b12cfea6bf1c5e636f58e8bcdaf89482c94af
SHA256: 19cd7ad7229f202403df4755e341f3b8856150a773217ea70fe7c8be52ad8fcf
SHA512: cbdfdf35c0f31aaf4870709aa07c3c93edf8c5b504d39f44838e9ffc4d7eeee3483e9c3a6c98a92d1fcdbb3e0e585127f0635c535575faa2509f9dbd54ac3950
Static task: static1
Behavioral task: behavioral1
Sample: 19cd7ad7229f202403df4755e341f3b8856150a773217ea70fe7c8be52ad8fcf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 19cd7ad7229f202403df4755e341f3b8856150a773217ea70fe7c8be52ad8fcf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Suspicious use of SetThreadContext