General
Target: 1ec1a5162c3001a38670c7e524e8166d49f0e729587f69c6a9e7f248ec5e7634
Size: 102KB
Sample: 220612-ytt1ssdhgm
MD5: a0c2bb718c96b2704660ef224a9ea05c
SHA1: 251f79cc124ead1c0e0f55a6886e4996e93fcf08
SHA256: 1ec1a5162c3001a38670c7e524e8166d49f0e729587f69c6a9e7f248ec5e7634
SHA512: c81e4fa06a74d1a54eb6a2b2fd8f569765141edf6bec1e154838be184557fca5b353d30a618946c95007f95a085c80397ed67ed2e6856e1da556ce26e673d214
Static task: static1
Behavioral task: behavioral1
  Sample: 1ec1a5162c3001a38670c7e524e8166d49f0e729587f69c6a9e7f248ec5e7634.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 1ec1a5162c3001a38670c7e524e8166d49f0e729587f69c6a9e7f248ec5e7634.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: tofsee
  43.231.4.7
  lazystax.ru
Targets
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Suspicious use of SetThreadContext