General

Target: 350a594c4295d9108753f28159e65d192256b74968b087b90cb2ec091cfa2ad2
Size: 288KB
Sample: 220619-xsd3hshdcj
MD5: 49c14162f3ee193af91eadadcca62016
SHA1: c45b24e9807486083c6a9f38a0ef9cfe4b75663b
SHA256: 350a594c4295d9108753f28159e65d192256b74968b087b90cb2ec091cfa2ad2
SHA512: 92ed684d0f88a131e8a9daa0f410a32b87f1748947fa8b7a3eda1cb953d2bb60c0e9c96933e9fa663916258cddc57a294dc0c436a9270318fe4fd6ac3de5ac5d
Static task: static1

Behavioral task: behavioral1
Sample: 350a594c4295d9108753f28159e65d192256b74968b087b90cb2ec091cfa2ad2.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 350a594c4295d9108753f28159e65d192256b74968b087b90cb2ec091cfa2ad2.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted
Family: tofsee
C2:
103.232.222.57
111.121.193.242
123.249.0.22
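The extracted configuration above gives the indicators a responder would actually pivot on: the sample digests and the three Tofsee C2 addresses. As an added example (not code from the report or from the sandbox), the following Python checks a file's digests against the report values and scans Zeek-style conn.log lines for flows to the extracted C2 hosts. The log lines are constructed for illustration, not captured from the sandbox run; the sample itself is not embedded.

```python
import hashlib

# Indicators copied from the report: the sample's digests and the three
# Tofsee C2 addresses from the extracted configuration.
REPORT_HASHES = {
    "md5": "49c14162f3ee193af91eadadcca62016",
    "sha1": "c45b24e9807486083c6a9f38a0ef9cfe4b75663b",
    "sha256": "350a594c4295d9108753f28159e65d192256b74968b087b90cb2ec091cfa2ad2",
}
TOFSEE_C2 = {"103.232.222.57", "111.121.193.242", "123.249.0.22"}


def digest_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hashes(digests: dict) -> list:
    """Names of the algorithms whose digest equals the report's value.

    All three should agree for the same file; a partial match (say, md5 only)
    points at a transcription error rather than at this sample.
    """
    return sorted(algo for algo, value in REPORT_HASHES.items()
                  if digests.get(algo, "").lower() == value)


# Constructed Zeek conn.log-style lines (tab-separated), not real traffic:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1655631001.123\tCabc1\t10.0.0.15\t49152\t93.184.216.34\t443\ttcp
1655631002.456\tCabc2\t10.0.0.15\t49153\t103.232.222.57\t443\ttcp
1655631003.789\tCabc3\t10.0.0.22\t49201\t8.8.8.8\t53\tudp
1655631004.012\tCabc4\t10.0.0.15\t49154\t123.249.0.22\t80\ttcp
"""


def find_c2_connections(conn_log: str) -> list:
    """Return (src_ip, dst_ip, dst_port) for each flow whose responder is a known C2."""
    hits = []
    for line in conn_log.splitlines():
        # Skip blank lines and Zeek header lines (#fields, #types, ...).
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        _ts, _uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h in TOFSEE_C2:
            hits.append((orig_h, resp_h, int(resp_p)))
    return hits


if __name__ == "__main__":
    # A constructed blob unrelated to the sample yields no hash match,
    # while the report's own digests match on all three algorithms.
    print(matching_hashes(digest_bytes(b"not the sample")))  # []
    print(matching_hashes(REPORT_HASHES))                    # ['md5', 'sha1', 'sha256']
    for src, dst, port in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"{src} -> {dst}:{port}  (Tofsee C2)")
```

Hash matching only catches this exact binary; Tofsee samples are repacked often, so the C2 addresses (and the Run-key and SetThreadContext behaviour listed under the target) are the more durable hunting signal. Match the responder address, not the originator, so that only outbound flows to the listed hosts fire.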
Targets

Target: 350a594c4295d9108753f28159e65d192256b74968b087b90cb2ec091cfa2ad2
Size: 288KB
Score: 10/10

Signatures:
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Adds Run key to start application (persistence through a CurrentVersion\Run registry value).
Suspicious use of SetThreadContext (an API commonly used for process hollowing and other code-injection techniques).