General
- Target: 39e2b92059aea92f0cef66384347db789668df9ba87067a21060b6fdf7da7bc9
- Size: 312KB
- Sample: 220625-jg1v9abeem
- MD5: 469c2f23c85976e2d7a79c013b87121b
- SHA1: a98f1b95299a2546aca7e959b9af97eed341a01b
- SHA256: 39e2b92059aea92f0cef66384347db789668df9ba87067a21060b6fdf7da7bc9
- SHA512: 1ef5fdeb5f0fd3872d351c93c661fdebc504cec452ff9e00ab3abc7a84aea0be9ba3d2de52e7c3c900b67b55d95c2422d0cdc2ed16ada940a4f662ac884559c9
Static task: static1
Behavioral task: behavioral1
- Sample: 39e2b92059aea92f0cef66384347db789668df9ba87067a21060b6fdf7da7bc9.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 39e2b92059aea92f0cef66384347db789668df9ba87067a21060b6fdf7da7bc9.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
- Target: 39e2b92059aea92f0cef66384347db789668df9ba87067a21060b6fdf7da7bc9
- Size: 312KB
- MD5: 469c2f23c85976e2d7a79c013b87121b
- SHA1: a98f1b95299a2546aca7e959b9af97eed341a01b
- SHA256: 39e2b92059aea92f0cef66384347db789668df9ba87067a21060b6fdf7da7bc9
- SHA512: 1ef5fdeb5f0fd3872d351c93c661fdebc504cec452ff9e00ab3abc7a84aea0be9ba3d2de52e7c3c900b67b55d95c2422d0cdc2ed16ada940a4f662ac884559c9
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of SetThreadContext