General
-
Target
3f7bb036eef312a9c1fca60105f1b87235dc8b14d617e415f95a7043f9efe917
-
Size
137KB
-
Sample
220701-bt8gvsgaf3
-
MD5
708dc91ee0b8a61718e9991a1396b23f
-
SHA1
d7bd310fd1a8ba9500c00b4e7626aa780552d26c
-
SHA256
3f7bb036eef312a9c1fca60105f1b87235dc8b14d617e415f95a7043f9efe917
-
SHA512
569e90713153b268f2cdcb12e78156facdcda6e936ae45e0032d317efe9d8d442d53335ab7e37514cb800d9885d5c575209b2a64e098e69c4c4db20f927f7278
Static task
static1
Behavioral task
behavioral1
Sample
3f7bb036eef312a9c1fca60105f1b87235dc8b14d617e415f95a7043f9efe917.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3f7bb036eef312a9c1fca60105f1b87235dc8b14d617e415f95a7043f9efe917.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
3f7bb036eef312a9c1fca60105f1b87235dc8b14d617e415f95a7043f9efe917
-
Size
137KB
-
MD5
708dc91ee0b8a61718e9991a1396b23f
-
SHA1
d7bd310fd1a8ba9500c00b4e7626aa780552d26c
-
SHA256
3f7bb036eef312a9c1fca60105f1b87235dc8b14d617e415f95a7043f9efe917
-
SHA512
569e90713153b268f2cdcb12e78156facdcda6e936ae45e0032d317efe9d8d442d53335ab7e37514cb800d9885d5c575209b2a64e098e69c4c4db20f927f7278
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-