General
-
Target
573ccc7f69afb0fa0d53b19b44a46de73a49dff0239a122d457f4e55a4961c09
-
Size
108KB
-
Sample
220725-ag12ksehdl
-
MD5
75d4f22da8952b9c6e8c82f72bfedfea
-
SHA1
95983ed45f7bd53399fb20e54a547308a2f9e9e4
-
SHA256
573ccc7f69afb0fa0d53b19b44a46de73a49dff0239a122d457f4e55a4961c09
-
SHA512
e6b945e7c5fc7259690435e780232bb6ffc3b4fd37f2cc9b6f0a7a4c6b9a175e8d84e7997454a0c11cfb44fb78863920191ed3633cee23baaa29f3ea0db0cec3
Static task
static1
Behavioral task
behavioral1
Sample
573ccc7f69afb0fa0d53b19b44a46de73a49dff0239a122d457f4e55a4961c09.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
573ccc7f69afb0fa0d53b19b44a46de73a49dff0239a122d457f4e55a4961c09.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
573ccc7f69afb0fa0d53b19b44a46de73a49dff0239a122d457f4e55a4961c09
-
Size
108KB
-
MD5
75d4f22da8952b9c6e8c82f72bfedfea
-
SHA1
95983ed45f7bd53399fb20e54a547308a2f9e9e4
-
SHA256
573ccc7f69afb0fa0d53b19b44a46de73a49dff0239a122d457f4e55a4961c09
-
SHA512
e6b945e7c5fc7259690435e780232bb6ffc3b4fd37f2cc9b6f0a7a4c6b9a175e8d84e7997454a0c11cfb44fb78863920191ed3633cee23baaa29f3ea0db0cec3
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-