General
Target
33a4613abccd233fbfd2657b47227b18f073b318aef50363eebbcad4ee876a13
Size
150KB
Sample
220620-bq1b3scca9
MD5
6ab83c7b097ab214b88c82fe574b54aa
SHA1
1ecb7a96d52c0d1508bff3aedba472bf46a89d37
SHA256
33a4613abccd233fbfd2657b47227b18f073b318aef50363eebbcad4ee876a13
SHA512
10affd6dd0d0dacfb6fb6c911e7247da62b9a3cf174ab82cd79e0ebf5fa09400df728d616023b5ac774ba6b02d5b934e0ea06d3449e0fe346fff5cd07beb752e
Static task
static1
Behavioral task
behavioral1
Sample
33a4613abccd233fbfd2657b47227b18f073b318aef50363eebbcad4ee876a13.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
33a4613abccd233fbfd2657b47227b18f073b318aef50363eebbcad4ee876a13.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
tofsee
91.218.38.245
188.165.132.183
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
Score
10/10
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run key to start application
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext