General
-
Target
295f2e7a08269def791aa11bfafa9d73e36ac9fa6dd292f2b62b1bcf8758aa11
-
Size
342KB
-
Sample
220615-rzhfmaeab5
-
MD5
9b2b3970effdd49a3194b83a272b29bd
-
SHA1
9c141b488d126a2e7f25b541d14307acec0e6262
-
SHA256
295f2e7a08269def791aa11bfafa9d73e36ac9fa6dd292f2b62b1bcf8758aa11
-
SHA512
005dc7ff7bedbb07add0f048690dae179f17421e20ec9f3f63c5f54c65966752a9e46dc062ecbdbcbca7dd92591ac70822eb21c595ef453752ef878cf15a8d7c
Static task
static1
Behavioral task
behavioral1
Sample
295f2e7a08269def791aa11bfafa9d73e36ac9fa6dd292f2b62b1bcf8758aa11.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
295f2e7a08269def791aa11bfafa9d73e36ac9fa6dd292f2b62b1bcf8758aa11.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
295f2e7a08269def791aa11bfafa9d73e36ac9fa6dd292f2b62b1bcf8758aa11
-
Size
342KB
-
MD5
9b2b3970effdd49a3194b83a272b29bd
-
SHA1
9c141b488d126a2e7f25b541d14307acec0e6262
-
SHA256
295f2e7a08269def791aa11bfafa9d73e36ac9fa6dd292f2b62b1bcf8758aa11
-
SHA512
005dc7ff7bedbb07add0f048690dae179f17421e20ec9f3f63c5f54c65966752a9e46dc062ecbdbcbca7dd92591ac70822eb21c595ef453752ef878cf15a8d7c
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-