General
Target: 80cd7cddd76f84d868d57a1cd44861c8b4782b6a90e319cacf8369b62f7dc16c
Size: 207KB
Sample: 220625-jywb4acdbn
MD5: ad39ad585aa201d750e984c89aa02e9c
SHA1: 142a5de3ec0af160e7f21368e39eb45a654df086
SHA256: 80cd7cddd76f84d868d57a1cd44861c8b4782b6a90e319cacf8369b62f7dc16c
SHA512: 6edfe20a8ae02b9b312689225fdd90fb208d8fde57491e9999946f16334600face6776b6011c96c22bd29d58f1fcd3a43addba849893ef89f07e171b96a76794
Static task: static1
Behavioral task: behavioral1
  Sample: 80cd7cddd76f84d868d57a1cd44861c8b4782b6a90e319cacf8369b62f7dc16c.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 80cd7cddd76f84d868d57a1cd44861c8b4782b6a90e319cacf8369b62f7dc16c.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: tofsee
  43.231.4.7
  lazystax.ru
Targets
Target: 80cd7cddd76f84d868d57a1cd44861c8b4782b6a90e319cacf8369b62f7dc16c
Size: 207KB
Score: 10/10
Signatures:
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Suspicious use of SetThreadContext
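The signature names above describe what the sandbox saw but give no detection logic. As an added example that is not part of this report, the following Python rule set flags each listed behaviour, plus contact with the host and IP from the extracted Tofsee config, when run over a constructed API-level event trace. The trace format, the registry paths used to recognise each behaviour, the service name, file paths and the netsh command line are assumptions made for illustration; only the IP, hostname and signature names come from the report.

```python
"""Rule set for the behaviours listed in this report, run over a constructed trace.

Added example, not part of the sandbox report. The event shape below is an
assumption (a sandbox-style API trace, not a specific product's format).
"""
import re

# Network indicators taken from the extracted Tofsee config in the report.
C2_IPS = {"43.231.4.7"}
C2_DOMAINS = {"lazystax.ru"}

# Registry locations where each behaviour is observable (assumptions about
# where the sample acts; the report does not name the keys it touched).
SERVICE_IMAGE_PATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.I)
FIREWALL_POLICY = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\SharedAccess"
    r"\\Parameters\\FirewallPolicy\\", re.I)
# Windows stores the configured GeoID (country) under this key.
GEO_NATION = re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)
NETSH_FIREWALL = re.compile(r"\bnetsh(\.exe)?\s+(advfirewall\s+)?firewall\b", re.I)


def sig_service_image_path(ev):
    return ev["type"] == "registry_write" and bool(SERVICE_IMAGE_PATH.match(ev["key"]))


def sig_firewall_modified(ev):
    # Either a direct write under FirewallPolicy or a netsh firewall command.
    if ev["type"] == "registry_write":
        return bool(FIREWALL_POLICY.match(ev["key"]))
    return ev["type"] == "process_create" and bool(NETSH_FIREWALL.search(ev["cmdline"]))


def sig_geo_check(ev):
    # Registry reads are not in Sysmon; this needs an API-level trace.
    return ev["type"] == "registry_read" and bool(GEO_NATION.match(ev["key"]))


def sig_set_thread_context(ev):
    return ev["type"] == "api_call" and ev["api"] in {"SetThreadContext", "NtSetContextThread"}


def sig_c2_contact(ev):
    if ev["type"] == "dns_query":
        return ev["name"].lower().rstrip(".") in C2_DOMAINS
    return ev["type"] == "network_connect" and ev["dst_ip"] in C2_IPS


RULES = {
    "Sets service image path in registry": sig_service_image_path,
    "Modifies Windows Firewall": sig_firewall_modified,
    "Checks computer location settings": sig_geo_check,
    "Suspicious use of SetThreadContext": sig_set_thread_context,
    "Contacts Tofsee C2 from extracted config": sig_c2_contact,
}


def triage(events):
    """Return {signature name: [matching events]} for every rule that fired."""
    hits = {}
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.setdefault(name, []).append(ev)
    return hits


# Constructed sample trace (not from the sandbox run); service name, paths
# and command line are invented for illustration.
SAMPLE_TRACE = [
    {"type": "registry_read", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_write",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\exampleSvc\ImagePath",
     "data": r"C:\Windows\example.exe"},
    {"type": "process_create",
     "cmdline": 'netsh advfirewall firewall add rule name="example" dir=in '
                'action=allow program="C:\\Windows\\example.exe"'},
    {"type": "api_call", "api": "SetThreadContext"},
    {"type": "dns_query", "name": "lazystax.ru"},
    {"type": "network_connect", "dst_ip": "43.231.4.7", "dst_port": 443},
    {"type": "network_connect", "dst_ip": "8.8.8.8", "dst_port": 53},  # benign
]

if __name__ == "__main__":
    for name, evs in triage(SAMPLE_TRACE).items():
        print(f"{name}: {len(evs)} event(s)")
```

The geofence rule is the one worth noting: "Checks computer location settings" is a registry read, which Sysmon does not log, so it only fires on an API-level trace such as a sandbox produces; on an endpoint you would instead look for the downstream effects (service creation, ImagePath write, firewall change) that the other rules cover.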