General
Target: 3b716928bfac2bcc66212be3f9ab5a072ef620edf3e4b69148e4ecf14e634560
Size: 139KB
Sample: 220703-tx4xysafb4
MD5: a2300b70e5420a971e380a21c4469387
SHA1: 3fbd333c6314e91f9adf89a1b32186156c6d34bb
SHA256: 3b716928bfac2bcc66212be3f9ab5a072ef620edf3e4b69148e4ecf14e634560
SHA512: 2fbab93c5e9c50d5a1d8a03a3e26b0d13f84cd442afe2cd35e51c900e8495fb873abd49da2e83e7df1318f5297fde44355755acc92e8f2176b1de6246c2f1a03
Static task: static1
Behavioral task: behavioral1
  Sample: 3b716928bfac2bcc66212be3f9ab5a072ef620edf3e4b69148e4ecf14e634560.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 3b716928bfac2bcc66212be3f9ab5a072ef620edf3e4b69148e4ecf14e634560.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: tofsee
43.231.4.7
lazystax.ru
Targets
Target: 3b716928bfac2bcc66212be3f9ab5a072ef620edf3e4b69148e4ecf14e634560
Size: 139KB
MD5: a2300b70e5420a971e380a21c4469387
SHA1: 3fbd333c6314e91f9adf89a1b32186156c6d34bb
SHA256: 3b716928bfac2bcc66212be3f9ab5a072ef620edf3e4b69148e4ecf14e634560
SHA512: 2fbab93c5e9c50d5a1d8a03a3e26b0d13f84cd442afe2cd35e51c900e8495fb873abd49da2e83e7df1318f5297fde44355755acc92e8f2176b1de6246c2f1a03
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Suspicious use of SetThreadContext