General
-
Target
51fba2abdd4534452a45581adf29490a64c39e7ef17c3b592d16c912228f5bca
-
Size
208KB
-
Sample
220717-q6esmsbfdl
-
MD5
0d30c2ceed9bcddf16e349a0f1c87ee4
-
SHA1
9cd7d44d94ad0638204e09311bf7f065991d442a
-
SHA256
51fba2abdd4534452a45581adf29490a64c39e7ef17c3b592d16c912228f5bca
-
SHA512
8db23f50074d3e6cbe53bc02d9096072de5f5dc7ede3ee00734822f7b43a8fcc7cc232c7fadf9de3cd490f4204b9c944bd6fe5acb3a37550089762b0d0d83d05
Static task
static1
Behavioral task
behavioral1
Sample
51fba2abdd4534452a45581adf29490a64c39e7ef17c3b592d16c912228f5bca.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
51fba2abdd4534452a45581adf29490a64c39e7ef17c3b592d16c912228f5bca.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
tofsee
103.232.222.57
111.121.193.242
123.249.0.22
Targets
Target
51fba2abdd4534452a45581adf29490a64c39e7ef17c3b592d16c912228f5bca
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-