General
-
Target
bf70072a410476c477352aad030772083818addd487a2960e6b3721a9fbaf6da
-
Size
104KB
-
Sample
220724-vzwj2acfcl
-
MD5
202cbaf42e640f679f02b34129b55bf7
-
SHA1
99db92a9d47bc57578e2d423db2858151d4b945e
-
SHA256
bf70072a410476c477352aad030772083818addd487a2960e6b3721a9fbaf6da
-
SHA512
fafb5a2471d915b9bb9043b703c957f0e8471cbb1c0e4fc8ae17968a71bea400edbab52fef2e297ba3ad141f65449991a027a27cab20b8e3700629d8aa5773e3
Static task
static1
Behavioral task
behavioral1
Sample
bf70072a410476c477352aad030772083818addd487a2960e6b3721a9fbaf6da.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
bf70072a410476c477352aad030772083818addd487a2960e6b3721a9fbaf6da.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
bf70072a410476c477352aad030772083818addd487a2960e6b3721a9fbaf6da
Score
10/10
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Suspicious use of SetThreadContext
-