General

Target: 820b43708e064c1a6eb1eeb411b011e900fcd162afdd55d077ef619777a9d12b
Size: 10.2MB
Sample: 220719-ky6nhaaba5
MD5: 1e8fbe02f284b3c2e591e29f1e1de377
SHA1: 27750d8df6cacbce285525556e00579b67ace994
SHA256: 820b43708e064c1a6eb1eeb411b011e900fcd162afdd55d077ef619777a9d12b
SHA512: 59b8ed39fab69bcac36a07d2116c893e215759218b98e61c1955874ba84954e5f5f23289b7ee7c57b9b10e12cc9efe02515760eac819b4e0ce129bb11ef92322
Static task: static1

Behavioral task: behavioral1
Sample: 820b43708e064c1a6eb1eeb411b011e900fcd162afdd55d077ef619777a9d12b.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: 820b43708e064c1a6eb1eeb411b011e900fcd162afdd55d077ef619777a9d12b.exe
Resource: win10v2004-20220718-en
Malware Config

Extracted family: tofsee
Domains (extracted from config): defeatwax.ru, refabyd.info
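The two domains above and the four file hashes in the General section are the indicators this report gives a defender to hunt with. The script below is an added example (not part of the sandbox report) that checks a file against all four report hashes and scans DNS query log lines for the extracted domains. The log format is a constructed, assumed one; the domains are treated as C2 hosts, which is the role domains in an extracted Tofsee config normally play. The matcher enforces label boundaries so that a lookalike such as notdefeatwax.ru or a host that merely starts with refabyd.info does not produce a false hit, while genuine subdomains still match.

```python
"""IOC matching for the Tofsee sample in this report.
Added example, not code from the report or the sandbox vendor.
Log lines below are constructed, not captured."""
from __future__ import annotations

import hashlib
import re
from typing import Iterable

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "1e8fbe02f284b3c2e591e29f1e1de377",
    "sha1": "27750d8df6cacbce285525556e00579b67ace994",
    "sha256": "820b43708e064c1a6eb1eeb411b011e900fcd162afdd55d077ef619777a9d12b",
    "sha512": "59b8ed39fab69bcac36a07d2116c893e215759218b98e61c1955874ba84954e5"
              "f5f23289b7ee7c57b9b10e12cc9efe02515760eac819b4e0ce129bb11ef92322",
}

# Domains from the report's extracted Tofsee config (assumed to be C2 hosts).
TOFSEE_C2_DOMAINS = {"defeatwax.ru", "refabyd.info"}

# Constructed DNS query log (assumed layout: timestamp host "query" type name).
SAMPLE_DNS_LOG = """\
2022-07-19T10:01:02Z host1 query A DEFEATWAX.RU.
2022-07-19T10:01:03Z host1 query A mail.refabyd.info
2022-07-19T10:01:04Z host2 query A notdefeatwax.ru
2022-07-19T10:01:05Z host2 query A refabyd.info.example.com
2022-07-19T10:01:06Z host3 query AAAA www.example.com
"""


def file_hashes(data: bytes) -> dict[str, str]:
    """Compute the same four digests the report lists for a candidate file."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> set[str]:
    """Names of the digests that equal the report's values (empty set = no match)."""
    return {name for name, digest in file_hashes(data).items()
            if digest == REPORT_HASHES[name]}


def normalize_host(name: str) -> str:
    """Lowercase and strip the trailing dot DNS logs put on fully-qualified names."""
    return name.strip().lower().rstrip(".")


def matches_ioc(host: str, iocs: set[str] = TOFSEE_C2_DOMAINS) -> str | None:
    """Return the IOC domain that `host` equals or is a subdomain of, else None.
    Requiring a '.' before the IOC rejects lookalikes such as notdefeatwax.ru;
    anchoring at the end rejects refabyd.info.example.com."""
    h = normalize_host(host)
    for ioc in iocs:
        if h == ioc or h.endswith("." + ioc):
            return ioc
    return None


HOST_RE = re.compile(r"query\s+\S+\s+(\S+)$")


def scan_dns_log(lines: Iterable[str]) -> list[tuple[str, str]]:
    """(queried host, matched IOC) for every log line that hits a Tofsee domain."""
    hits: list[tuple[str, str]] = []
    for line in lines:
        m = HOST_RE.search(line.strip())
        if not m:
            continue
        ioc = matches_ioc(m.group(1))
        if ioc:
            hits.append((normalize_host(m.group(1)), ioc))
    return hits


if __name__ == "__main__":
    for host, ioc in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"HIT {host} -> {ioc}")
    print("empty input matches report:", matches_report(b""))
```

Running the block on the constructed log reports exactly two hits, DEFEATWAX.RU. (normalized) and mail.refabyd.info; the two lookalike lines are ignored.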
Targets

Target: 820b43708e064c1a6eb1eeb411b011e900fcd162afdd55d077ef619777a9d12b
Score: 10/10

Signatures:
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Suspicious use of SetThreadContext
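The signature list above is what the sandbox derived from the sample's runtime behaviour. As an added example (not the sandbox's own rules and not taken from the report), the script below re-derives six of those seven signatures from a constructed stream of sandbox-style events: file writes, process creation, registry reads and writes, and file deletion. The event schema, the service name examplesvc, the file paths, and the exact registry keys are all assumptions; in particular the country-code lookup is modelled on the standard HKCU\Control Panel\International\Geo\Nation value, which the report does not name. "Suspicious use of SetThreadContext" is an API-level signature and is not modelled here.

```python
"""Behavioural signature matching over constructed sandbox events.
Added example; event format, paths, service name and registry keys are assumed."""
from __future__ import annotations

import re
from collections import defaultdict

# Constructed event stream (not captured from the sandbox run).
EVENTS = [
    {"type": "file_write", "pid": 100,
     "path": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Users\user\AppData\Local\Temp\svc.exe",
     "cmdline": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"type": "registry_read", "pid": 200,
     "path": r"HKCU\Control Panel\International\Geo\Nation"},   # assumed geo key
    {"type": "registry_create_key", "pid": 200,
     "path": r"HKLM\SYSTEM\CurrentControlSet\Services\examplesvc"},  # placeholder name
    {"type": "registry_set", "pid": 200,
     "path": r"HKLM\SYSTEM\CurrentControlSet\Services\examplesvc\ImagePath",
     "value": r"C:\Windows\SysWOW64\examplesvc\svc.exe"},
    {"type": "process_create", "pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="examplesvc" dir=in '
                'action=allow program="C:\\Windows\\SysWOW64\\examplesvc\\svc.exe"'},
    {"type": "file_delete", "pid": 200,
     "path": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"type": "process_create", "pid": 400, "ppid": 1,
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]

_SERVICES = r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\"
SERVICE_KEY_RE = re.compile(_SERVICES + r"([^\\]+)$", re.I)
SERVICE_IMAGEPATH_RE = re.compile(_SERVICES + r"([^\\]+)\\ImagePath$", re.I)
FIREWALL_POLICY_RE = re.compile(
    _SERVICES + r"SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
NETSH_FIREWALL_RE = re.compile(r"\bnetsh(?:\.exe)?\b.*\b(?:advfirewall|firewall)\b", re.I)


def evaluate(events: list[dict]) -> dict[str, list[str]]:
    """Map each triggered signature name (as worded in the report) to its evidence."""
    hits: dict[str, list[str]] = defaultdict(list)
    written: set[str] = set()      # files the sample has written so far
    images: dict[int, str] = {}    # pid -> image path, to spot self-deletion
    for ev in events:
        t = ev["type"]
        if t == "file_write":
            written.add(ev["path"].lower())
        elif t == "process_create":
            image = ev["image"].lower()
            images[ev["pid"]] = image
            if image in written:                       # dropped, then executed
                hits["Executes dropped EXE"].append(ev["image"])
            if NETSH_FIREWALL_RE.search(ev["cmdline"]):
                hits["Modifies Windows Firewall"].append(ev["cmdline"])
        elif t == "registry_create_key":
            m = SERVICE_KEY_RE.match(ev["path"])
            if m:
                hits["Creates new service(s)"].append(m.group(1))
        elif t == "registry_set":
            m = SERVICE_IMAGEPATH_RE.match(ev["path"])
            if m:
                hits["Sets service image path in registry"].append(
                    f"{m.group(1)} -> {ev['value']}")
            if FIREWALL_POLICY_RE.match(ev["path"]):   # direct policy write, no netsh
                hits["Modifies Windows Firewall"].append(ev["path"])
        elif t == "registry_read":
            if GEO_NATION_RE.search(ev["path"]):
                hits["Checks computer location settings"].append(ev["path"])
        elif t == "file_delete":
            if images.get(ev["pid"]) == ev["path"].lower():   # process unlinks its own image
                hits["Deletes itself"].append(ev["path"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in evaluate(EVENTS).items():
        print(f"{name}: {evidence}")
```

The ordering matters: "Executes dropped EXE" and "Deletes itself" are stateful, so the matcher must see the file write before the process start and the process start before the delete; a rule engine that evaluates events independently cannot express either.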