General
- Target: 8ef671e6c843f65adc868e3deb49ad1b226967b856c2c6c81eb0ecfd981c4930
- Size: 109KB
- Sample: 220724-v9wb1sdbcr
- MD5: 4ebfba40ddf3b9e8f62466fc1923e236
- SHA1: 1f510c742efd49e9348c1d6f50fd6e9161040b70
- SHA256: 8ef671e6c843f65adc868e3deb49ad1b226967b856c2c6c81eb0ecfd981c4930
- SHA512: 57e28c068d434170572a36e492ef29331f1b528c72380d756dba22a98c29217f59e4f384130b5e06eca8e35b18aa2a32963f1bbb9b6c786158e6166649078405

Static task: static1

Behavioral task: behavioral1
- Sample: 8ef671e6c843f65adc868e3deb49ad1b226967b856c2c6c81eb0ecfd981c4930.exe
- Resource: win7-20220718-en

Behavioral task: behavioral2
- Sample: 8ef671e6c843f65adc868e3deb49ad1b226967b856c2c6c81eb0ecfd981c4930.exe
- Resource: win10v2004-20220721-en

Malware Config
Extracted: tofsee
- 43.231.4.7
- lazystax.ru
Targets
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext