General
-
Target
5134552a33b485a25270b8b78068b22fb46ff20267f92f690ee31a2046b9297d
-
Size
352KB
-
Sample
220718-vl1ltsafe9
-
MD5
9acfb27a482a0ac42cd9caf72a24545c
-
SHA1
b8c2d6639427c9343383ce21eff355974ea550a4
-
SHA256
5134552a33b485a25270b8b78068b22fb46ff20267f92f690ee31a2046b9297d
-
SHA512
edf966e22dba430d66718ae0a7cfc6d2b4c5b92a3eb8092872dbfb8221bc70bcb868c4a044e9323923582b3cb0d4580d7eb81201282119ff3a33c94995b9014f
Static task
static1
Behavioral task
behavioral1
Sample
5134552a33b485a25270b8b78068b22fb46ff20267f92f690ee31a2046b9297d.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
5134552a33b485a25270b8b78068b22fb46ff20267f92f690ee31a2046b9297d.exe
Resource
win10v2004-20220718-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
Score
10/10
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-