General
Target: 5412ce24dba0bda8ea83426f4cd1c7e7bfea1d0dffb5b15b3801c7977539eccb
Size: 132KB
Sample: 220725-y6j2csdfb4
MD5: 3247288441b450a0be73b99371ffe5a4
SHA1: 00b0844f6d2ab60df8884f77d02c92f05f83cb48
SHA256: 5412ce24dba0bda8ea83426f4cd1c7e7bfea1d0dffb5b15b3801c7977539eccb
SHA512: b7099b098b966b64a07d70b7efe74486c804f969c5c6f96c80f269627fa8e69905c11f8ca725c2cdd1651940903d4a1b744606bace0576b24fa75074141a5a66
Behavioral task: behavioral1
Sample: 5412ce24dba0bda8ea83426f4cd1c7e7bfea1d0dffb5b15b3801c7977539eccb.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: 5412ce24dba0bda8ea83426f4cd1c7e7bfea1d0dffb5b15b3801c7977539eccb.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted family: tofsee
C2 addresses:
91.218.38.245
188.165.132.183
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
Target: 5412ce24dba0bda8ea83426f4cd1c7e7bfea1d0dffb5b15b3801c7977539eccb
Size: 132KB
MD5: 3247288441b450a0be73b99371ffe5a4
SHA1: 00b0844f6d2ab60df8884f77d02c92f05f83cb48
SHA256: 5412ce24dba0bda8ea83426f4cd1c7e7bfea1d0dffb5b15b3801c7977539eccb
SHA512: b7099b098b966b64a07d70b7efe74486c804f969c5c6f96c80f269627fa8e69905c11f8ca725c2cdd1651940903d4a1b744606bace0576b24fa75074141a5a66
Score: 10/10

Signatures
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run key to start application
Maps connected drives based on registry (disk information is often read in order to detect sandboxing environments)
Suspicious use of SetThreadContext