General
Target
547ef5bd9c5caa12e7e066844f1156d4fc8a6268bff272024a525689c7eabca1
Size
164KB
Sample
220725-xs1xaabbe8
MD5
3ba8dc8d24da92095584ea015e34a30c
SHA1
5c846a3f3b861d566fef2d70afe59ed35c82fecf
SHA256
547ef5bd9c5caa12e7e066844f1156d4fc8a6268bff272024a525689c7eabca1
SHA512
5f2666e937a9eb6889c081460846544d45824f5c491858af804830d7d6b0baa468cf2262f585e80f3e5d6b7a4c38ec22153af983411b36d333605f197cf471e3
Static task
static1
Behavioral task
behavioral1
Sample
547ef5bd9c5caa12e7e066844f1156d4fc8a6268bff272024a525689c7eabca1.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
547ef5bd9c5caa12e7e066844f1156d4fc8a6268bff272024a525689c7eabca1.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
tofsee
103.232.222.57
111.121.193.242
123.249.0.22
Targets
Score
10/10
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext