General
Target: 34d4dc94d70088a824e612804d4d3858a961a0a7a3ed8ef6b6b0f202beeae6d2
Size: 224KB
Sample: 220619-ylz7vaaehk
MD5: 44677e5592e39e6bd557da131ddacfdd
SHA1: 04a4b16d418ac4f349c6d47b1270ad31b8c94a93
SHA256: 34d4dc94d70088a824e612804d4d3858a961a0a7a3ed8ef6b6b0f202beeae6d2
SHA512: 14f1cc903d1c94dbb87e59fe894e7d15dd6edb2a559e4629d75f8353c96112d2a8cc5e49a2db502d88a477db4426c03d2e1b5860c1f03e4adfede23ed415b57b
Static task: static1
Behavioral task: behavioral1
  Sample: 34d4dc94d70088a824e612804d4d3858a961a0a7a3ed8ef6b6b0f202beeae6d2.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 34d4dc94d70088a824e612804d4d3858a961a0a7a3ed8ef6b6b0f202beeae6d2.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: tofsee
  103.232.222.57
  111.121.193.242
  123.249.0.22
Targets
Target: 34d4dc94d70088a824e612804d4d3858a961a0a7a3ed8ef6b6b0f202beeae6d2 (224KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext