General
Target: 39925d256ffb487c669d5c3bb768eba1f9cfa7595c7faf0947c9bcd52c2cf1c9
Size: 258KB
Sample: 220625-ln4ltsfbdq
MD5: 7a717003f647ffa187853202db3cbe44
SHA1: 10b25fb91c1e200aba57b13ca96996a3a62dc77f
SHA256: 39925d256ffb487c669d5c3bb768eba1f9cfa7595c7faf0947c9bcd52c2cf1c9
SHA512: 0c97a36671dd383481f665d910038404aa83b9e37cfcd127a08a7a57865b04450f19dc3a987d04b4e01aeed54835d126325042655e0116dfe12f687dd40b0577
Static task: static1
Behavioral task: behavioral1
  Sample: 39925d256ffb487c669d5c3bb768eba1f9cfa7595c7faf0947c9bcd52c2cf1c9.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 39925d256ffb487c669d5c3bb768eba1f9cfa7595c7faf0947c9bcd52c2cf1c9.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: tofsee
  43.231.4.7
  lazystax.ru
Targets
Target: 39925d256ffb487c669d5c3bb768eba1f9cfa7595c7faf0947c9bcd52c2cf1c9
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Suspicious use of SetThreadContext