General
- Target: 59041c9612409e6e29396725ac2eff70eb0f221ff0abcce4e4b45c80b3b9e489
- Size: 142KB
- Sample: 220724-gb89bshaar
- MD5: 96290b6d1ff2ea3be726db7d59eeb791
- SHA1: b75f9263569bb2fbc37cba9c1304465c31b7a461
- SHA256: 59041c9612409e6e29396725ac2eff70eb0f221ff0abcce4e4b45c80b3b9e489
- SHA512: c485f72a130cd86793040cf72746ff1bdfd9a746b126edc929d3bc09a813a7fcb9733848cfb21d0860abffccd7fae1bc8e94209e23afdf8b0f6f67e48c9b088f
Static task: static1
Behavioral task: behavioral1
- Sample: 59041c9612409e6e29396725ac2eff70eb0f221ff0abcce4e4b45c80b3b9e489.exe
- Resource: win7-20220715-en
Behavioral task: behavioral2
- Sample: 59041c9612409e6e29396725ac2eff70eb0f221ff0abcce4e4b45c80b3b9e489.exe
- Resource: win10v2004-20220722-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
- Target: 59041c9612409e6e29396725ac2eff70eb0f221ff0abcce4e4b45c80b3b9e489
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Suspicious use of SetThreadContext