General
Target: 4e41be7919494e0b7e8d3417301228bb0918448e8ab0231bc51aee61f5d2703c
Size: 142KB
Sample: 220720-ws439seca3
MD5: af23172c56640088451aa6ddd47fd779
SHA1: cdde3744c19b8ec13539ec3e62cdc052136e9681
SHA256: 4e41be7919494e0b7e8d3417301228bb0918448e8ab0231bc51aee61f5d2703c
SHA512: 82194af5df87f1f850d875300080b945c395e4b0e67ed3eca9f0b83d7ad8fddd88e59200e3ddaa6f5096c5da7aa15a9a9620959b92b6f5b2c85add696812f8a7
Static task: static1
Behavioral task: behavioral1
  Sample: 4e41be7919494e0b7e8d3417301228bb0918448e8ab0231bc51aee61f5d2703c.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: 4e41be7919494e0b7e8d3417301228bb0918448e8ab0231bc51aee61f5d2703c.exe
  Resource: win10v2004-20220718-en
Malware Config
Extracted: tofsee
43.231.4.7
lazystax.ru
Targets
Target: 4e41be7919494e0b7e8d3417301228bb0918448e8ab0231bc51aee61f5d2703c
Size: 142KB
MD5: af23172c56640088451aa6ddd47fd779
SHA1: cdde3744c19b8ec13539ec3e62cdc052136e9681
SHA256: 4e41be7919494e0b7e8d3417301228bb0918448e8ab0231bc51aee61f5d2703c
SHA512: 82194af5df87f1f850d875300080b945c395e4b0e67ed3eca9f0b83d7ad8fddd88e59200e3ddaa6f5096c5da7aa15a9a9620959b92b6f5b2c85add696812f8a7
Score: 10/10
Signatures:
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext