General
Target: 5843747cb53dcb0ecc8ea31a9f289b6f1dc829ac705a359875414efb28adfbef
Size: 14.1MB
Sample: 220622-2kr2madeb7
MD5: 0e23bc0be4b1ddfa9fb1b05987dc7894
SHA1: a7e8682f89910271a131f67cf7bd2ac4c250fe77
SHA256: 5843747cb53dcb0ecc8ea31a9f289b6f1dc829ac705a359875414efb28adfbef
SHA512: c6d18bff9c8d9ca5b443a9d19dd3b1e99fa028ca514ac28e6e8093217b9e0fa257bd9e80c31200431b322fa5fd94d6cfad750f2a4a5d259445ed64a285914429
Static task: static1
Behavioral task: behavioral1
  Sample: 5843747cb53dcb0ecc8ea31a9f289b6f1dc829ac705a359875414efb28adfbef.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 5843747cb53dcb0ecc8ea31a9f289b6f1dc829ac705a359875414efb28adfbef.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: tofsee
- 103.248.137.133
- 43.231.5.6
- 115.230.124.76
Targets
Target: 5843747cb53dcb0ecc8ea31a9f289b6f1dc829ac705a359875414efb28adfbef
Score: 10/10
Behaviors:
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext