General
Target
186c02563f5f1abad8dca9c356b12fc25f3b8f882117c3f8b11c8eafb82748cb
Size
164KB
Sample
220608-v1tf3ahdfq
MD5
3a418eebc66c60605b3fd8ff3d0ae7fe
SHA1
c783046040c8b68cbb7a7e515636bea2abcafa4b
SHA256
186c02563f5f1abad8dca9c356b12fc25f3b8f882117c3f8b11c8eafb82748cb
SHA512
d83601897c97e81a0e23644ebcf089e31b8f0103122591e334301b867b58f9e46abfcf4d9d65716d5d1655a75a91a39aa919f0e4ff96c73761674ab72fee0543
Static task
static1
Behavioral task
behavioral1
Sample
186c02563f5f1abad8dca9c356b12fc25f3b8f882117c3f8b11c8eafb82748cb.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
186c02563f5f1abad8dca9c356b12fc25f3b8f882117c3f8b11c8eafb82748cb.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
tofsee
103.232.222.57
111.121.193.242
123.249.0.22
Targets
Target
186c02563f5f1abad8dca9c356b12fc25f3b8f882117c3f8b11c8eafb82748cb
Score
10/10
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext