General
- Target: 47928adfc11031207af45d0fcb73e5845ac4f0390e147933b60f394c7e5e5109
- Size: 99KB
- Sample: 220714-gy63gsced5
- MD5: e7d3abe310423c6747b7c0dbc868abbc
- SHA1: 821ed9d41bffa460460fb4d30fdcf611c79eb907
- SHA256: 47928adfc11031207af45d0fcb73e5845ac4f0390e147933b60f394c7e5e5109
- SHA512: fb3826fb561188c81b81617a87d37742ff3e6fa2d6d2146e534d15bf8ee03f09aea28115c1c36444e0c70053ceec86c4f13ac880d2c5136a3e92d4d07f2790e4
Static task
- static1
Behavioral task
- behavioral1: sample 47928adfc11031207af45d0fcb73e5845ac4f0390e147933b60f394c7e5e5109.exe, resource win7-20220414-en
- behavioral2: sample 47928adfc11031207af45d0fcb73e5845ac4f0390e147933b60f394c7e5e5109.exe, resource win10v2004-20220414-en
Malware Config
Extracted: tofsee
- 43.231.4.7
- lazystax.ru
Targets
- Target: 47928adfc11031207af45d0fcb73e5845ac4f0390e147933b60f394c7e5e5109
- Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Suspicious use of SetThreadContext
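As an added example (not part of the sandbox report or its tooling), the Python below turns the report's signature list and extracted C2 config into a small detection pass over a host/network trace. Only the hashes, the IP and the domain come from the report; the trace format, field names, the Geo\Nation registry key, the netsh-based firewall change, the api_call event and the dropped-file names are assumptions made for this example.

```python
import re
from typing import Callable

# Indicators taken from the report (Malware Config and hash sections).
C2_IPS = {"43.231.4.7"}
C2_DOMAINS = {"lazystax.ru"}
SAMPLE_SHA256 = "47928adfc11031207af45d0fcb73e5845ac4f0390e147933b60f394c7e5e5109"

# Registry value assumed to be behind "Checks computer location settings";
# the report names the behaviour, not the exact key.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"

# Assumed trace format: one event per line, 'type key=value key="value with spaces"'.
# Quoted values keep backslashes verbatim, so Windows paths survive parsing.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> dict:
    """Parse one trace line into a dict; the event type is stored under 'type'."""
    etype, _, rest = line.strip().partition(" ")
    ev = {"type": etype}
    for m in _KV.finditer(rest):
        ev[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return ev


def _sets_service_image_path(ev: dict) -> bool:
    key = ev.get("key", "").lower()
    return ev["type"] == "registry_set" and "\\services\\" in key and key.endswith("\\imagepath")


# Stateless rules named after the report's signatures. How each behaviour
# surfaces in the trace (netsh for the firewall, api_call for SetThreadContext)
# is an assumption of this example, not something the report states.
RULES: dict[str, Callable[[dict], bool]] = {
    "Creates new service(s)": lambda ev: ev["type"] == "service_create",
    "Sets service image path in registry": _sets_service_image_path,
    "Modifies Windows Firewall": lambda ev: ev["type"] == "process_create"
        and "netsh" in ev.get("image", "").lower()
        and "firewall" in ev.get("cmdline", "").lower(),
    "Checks computer location settings": lambda ev: ev["type"] == "registry_query"
        and ev.get("key", "").lower() == GEO_NATION_KEY.lower(),
    "Deletes itself": lambda ev: ev["type"] == "file_delete"
        and ev.get("sha256", "").lower() == SAMPLE_SHA256,
    "Suspicious use of SetThreadContext": lambda ev: ev["type"] == "api_call"
        and ev.get("name") == "SetThreadContext",
}


def ioc_hits(ev: dict) -> list[str]:
    """Network indicators matching the extracted Tofsee config."""
    hits = []
    if ev["type"] == "dns_query" and ev.get("name", "").lower() in C2_DOMAINS:
        hits.append(f"C2 domain {ev['name']}")
    if ev["type"] == "network_connect" and ev.get("dst") in C2_IPS:
        hits.append(f"C2 address {ev['dst']}")
    return hits


def analyse(trace: str) -> dict:
    """Return the signatures that fired (with their first triggering line) and IOC hits."""
    dropped: set[str] = set()      # paths the sample wrote to disk
    matched: dict[str, str] = {}
    iocs: list[str] = []
    for raw in trace.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ev = parse_event(line)
        # "Executes dropped EXE" is stateful: a file written earlier is later run.
        if ev["type"] == "file_create":
            dropped.add(ev.get("path", "").lower())
        elif ev["type"] == "process_create" and ev.get("image", "").lower() in dropped:
            matched.setdefault("Executes dropped EXE", line)
        for name, rule in RULES.items():
            if rule(ev):
                matched.setdefault(name, line)
        iocs.extend(ioc_hits(ev))
    return {"signatures": matched, "iocs": iocs}


# Constructed trace for this example; file names and the command line are
# illustrative and not taken from the report.
SAMPLE_TRACE = r"""
registry_query key="HKCU\Control Panel\International\Geo\Nation"
file_create path="C:\Windows\svcdrop.exe"
service_create name=svcdrop image_path="C:\Windows\svcdrop.exe"
registry_set key="HKLM\SYSTEM\CurrentControlSet\Services\svcdrop\ImagePath" value="C:\Windows\svcdrop.exe"
process_create image="C:\Windows\svcdrop.exe" cmdline="C:\Windows\svcdrop.exe"
process_create image="C:\Windows\System32\netsh.exe" cmdline="netsh advfirewall firewall add rule name=svcdrop dir=in action=allow program=C:\Windows\svcdrop.exe"
api_call name=SetThreadContext pid=1234
dns_query name=lazystax.ru
network_connect dst=43.231.4.7
file_delete path="C:\Users\user\Desktop\47928adfc11031207af45d0fcb73e5845ac4f0390e147933b60f394c7e5e5109.exe" sha256=47928adfc11031207af45d0fcb73e5845ac4f0390e147933b60f394c7e5e5109
"""

if __name__ == "__main__":
    result = analyse(SAMPLE_TRACE)
    for name, line in result["signatures"].items():
        print(f"[sig] {name}: {line}")
    for hit in result["iocs"]:
        print(f"[ioc] {hit}")
```

Each rule is keyed by the report's own signature name so the output can be compared line by line with the sandbox verdict; the C2 matches are kept separate from behavioural signatures because the extracted config is the part most worth pushing straight into DNS and firewall blocklists.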