General
- Target: 3bf66140ed49d2b71c6674e064b26d605f196ec45b99cc2392802313918cd4ed
- Size: 104KB
- Sample: 220703-k1trqafbh3
- MD5: cfce7e045cb6ed8bdcab5460ea2ff37a
- SHA1: 6bdc0c47643df5da4a583b0e23a8572a90d27ecd
- SHA256: 3bf66140ed49d2b71c6674e064b26d605f196ec45b99cc2392802313918cd4ed
- SHA512: 41d25210921915a7163daa4433a61f8c865a64829fa1d1ffd50a2dea7aa8aef66d3e7ed52229bac9e181c20b21543a3cb92251edcdce738e1735010bdba01279
Static task: static1
Behavioral task: behavioral1
- Sample: 3bf66140ed49d2b71c6674e064b26d605f196ec45b99cc2392802313918cd4ed.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 3bf66140ed49d2b71c6674e064b26d605f196ec45b99cc2392802313918cd4ed.exe
- Resource: win10v2004-20220414-en
Malware Config
- Extracted: tofsee
- 43.231.4.7
- lazystax.ru
Targets
- Target: 3bf66140ed49d2b71c6674e064b26d605f196ec45b99cc2392802313918cd4ed
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext