General
-
Target
22cbedd671eef5dad95001ae0ad11add173cfb11959dddff4f545f481d870e01
-
Size
160KB
-
Sample
220612-ek6tfsdefk
-
MD5
151e547c0bcd4f597ae577fc6f5c0905
-
SHA1
dadbc8ce69a363ef93b54cd8512d7b75dd96c13c
-
SHA256
22cbedd671eef5dad95001ae0ad11add173cfb11959dddff4f545f481d870e01
-
SHA512
7b0d95a968f2d41a89fe1ba61305921910211263829faffb211cd95825489439c5c9fd19508dd0f788e993ce6a5caa5abd711301fcac7cfacbc0b4170ace4afb
Static task
static1
Behavioral task
behavioral1
Sample
22cbedd671eef5dad95001ae0ad11add173cfb11959dddff4f545f481d870e01.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
22cbedd671eef5dad95001ae0ad11add173cfb11959dddff4f545f481d870e01.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
tofsee
91.218.38.245
188.165.132.183
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
-
-
Target
22cbedd671eef5dad95001ae0ad11add173cfb11959dddff4f545f481d870e01
-
Size
160KB
-
MD5
151e547c0bcd4f597ae577fc6f5c0905
-
SHA1
dadbc8ce69a363ef93b54cd8512d7b75dd96c13c
-
SHA256
22cbedd671eef5dad95001ae0ad11add173cfb11959dddff4f545f481d870e01
-
SHA512
7b0d95a968f2d41a89fe1ba61305921910211263829faffb211cd95825489439c5c9fd19508dd0f788e993ce6a5caa5abd711301fcac7cfacbc0b4170ace4afb
Score10/10-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-