General
Target: 55b3ccbe7bfce58fa9fbdbf2d7d492aa8c9def31d73982ac7e8b4ed3092e5f7c
Size: 105KB
Sample: 220725-smgt1abfh6
MD5: e96dc72743408632ec53b7bc90d4dc7f
SHA1: 6495db6d82ec97db7e088e04c154125cebde9923
SHA256: 55b3ccbe7bfce58fa9fbdbf2d7d492aa8c9def31d73982ac7e8b4ed3092e5f7c
SHA512: 4c9a6d745f8fa58a5a507c1389277e3d33b23c44ee51f354a0e8c86d734324ae1703b8a2349de9d7fe19bc484ad3b8e25c59088d07773517807e51c990846140
Static task: static1
Behavioral task: behavioral1
  Sample: 55b3ccbe7bfce58fa9fbdbf2d7d492aa8c9def31d73982ac7e8b4ed3092e5f7c.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: 55b3ccbe7bfce58fa9fbdbf2d7d492aa8c9def31d73982ac7e8b4ed3092e5f7c.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted: tofsee
  43.231.4.7
  lazystax.ru
Targets
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext