General
-
Target
395523cf56f7bb9497764d72ed71bab457bc86cd338e46ee4efe470777c6670c
-
Size
142KB
-
Sample
220625-nepsesccd4
-
MD5
fb665d4a9976f7a8d7d53b4ee8d3a3fd
-
SHA1
b2bcda3ea607a76f1f96d7b464bcec2950bc3da4
-
SHA256
395523cf56f7bb9497764d72ed71bab457bc86cd338e46ee4efe470777c6670c
-
SHA512
78bcc6ac3db476f1bb330c3bbf0fd18306d184c1b2ca189aa20bbd5dd0728a824f475141375ccb194aac76aefde1afc6dcfc0d34e348d8bc415f86dcf4f55ad7
Static task
static1
Behavioral task
behavioral1
Sample
395523cf56f7bb9497764d72ed71bab457bc86cd338e46ee4efe470777c6670c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
395523cf56f7bb9497764d72ed71bab457bc86cd338e46ee4efe470777c6670c.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
395523cf56f7bb9497764d72ed71bab457bc86cd338e46ee4efe470777c6670c
-
Size
142KB
-
MD5
fb665d4a9976f7a8d7d53b4ee8d3a3fd
-
SHA1
b2bcda3ea607a76f1f96d7b464bcec2950bc3da4
-
SHA256
395523cf56f7bb9497764d72ed71bab457bc86cd338e46ee4efe470777c6670c
-
SHA512
78bcc6ac3db476f1bb330c3bbf0fd18306d184c1b2ca189aa20bbd5dd0728a824f475141375ccb194aac76aefde1afc6dcfc0d34e348d8bc415f86dcf4f55ad7
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-