General
Target: Gootloader.zip
Size: 107KB
Sample: 220613-sf5x9adbf2
MD5: bf441f0ebe5634aedcf6fb13529fe68b
SHA1: c693c901064b3e3877367fe78a597ff44f3fd651
SHA256: ebe3c4c0da5a8fc53184c2a58b11b516bbf47ccf401a4ca1326fe7920d2c6fe9
SHA512: 6e155f4cc42799242535a45ccc7b8fdc4484ca14a7850f1388942de48a1c83f5a1eade3bd77be8688c9ed82bf02719cccadeb1f45670d712dddf082bd9187db6

Static task: static1

Behavioral task: behavioral1
Sample: 913bb671797400d827f39ee27fd4dc540c04f61e4992c8f5ce9c3f3e0fe88d61.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 913bb671797400d827f39ee27fd4dc540c04f61e4992c8f5ce9c3f3e0fe88d61.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted: tofsee
- 43.231.4.7
- lazystax.ru

Targets
Target: 913bb671797400d827f39ee27fd4dc540c04f61e4992c8f5ce9c3f3e0fe88d61
Size: 12.8MB
MD5: 5c2648191655ace3964cfc66c6dccc60
SHA1: 996495b874b750440ef36c029543ee9ec277edfd
SHA256: 913bb671797400d827f39ee27fd4dc540c04f61e4992c8f5ce9c3f3e0fe88d61
SHA512: 1055eefd4ae0cfc1cd647392efb07c62ad31e26f5f6045416429330675acbc182e32e3eafdf51630a1056a50bc38694e5149db5d19ab90d861a934d76558b3b5
Score: 10/10

Signatures
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext