General
Target: 5527e07895f412771ae4350dfa825e5d08140073600ebd6aa321276b737cc839
Size: 106KB
Sample: 220725-vdrnysbbak
MD5: 8c122278e768601f20f1e9f6c407cce2
SHA1: a3f99a111ad0a22614a10337ef807607262aea61
SHA256: 5527e07895f412771ae4350dfa825e5d08140073600ebd6aa321276b737cc839
SHA512: 11a1e995193b09ca342bb7a0c3203c0a41b7d83260666b8ac460c14c7c74c8683b00e407ddb97cceba87fb442635807b70eb9581326f886e6b673bee72096173
Static task: static1
Behavioral task: behavioral1
Sample: 5527e07895f412771ae4350dfa825e5d08140073600ebd6aa321276b737cc839.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: 5527e07895f412771ae4350dfa825e5d08140073600ebd6aa321276b737cc839.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted family: tofsee
C2: 43.231.4.7
C2: lazystax.ru
Targets
Target: 5527e07895f412771ae4350dfa825e5d08140073600ebd6aa321276b737cc839
Size: 106KB
MD5: 8c122278e768601f20f1e9f6c407cce2
SHA1: a3f99a111ad0a22614a10337ef807607262aea61
SHA256: 5527e07895f412771ae4350dfa825e5d08140073600ebd6aa321276b737cc839
SHA512: 11a1e995193b09ca342bb7a0c3203c0a41b7d83260666b8ac460c14c7c74c8683b00e407ddb97cceba87fb442635807b70eb9581326f886e6b673bee72096173
Score: 10/10
Signatures
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext