General
- Target: 53e637996db3df92d3ef579b52fc63f38902c2d9522295ef07bbb3594cad2593
- Size: 98KB
- Sample: 220726-xa39pagaf6
- MD5: d9edc460194b4e171f4d802203dba4d4
- SHA1: 6ff3775eae4005c8c6684f7520ccccf747985836
- SHA256: 53e637996db3df92d3ef579b52fc63f38902c2d9522295ef07bbb3594cad2593
- SHA512: f6d648c86d4ecfb9c18b8fee28706b3ca01f74bb623c35ae295b7196b7eba3d2db896960dacfb6b6e4626f8198480b429e71a2d05e4ca7ba0bce7bcd4b8d57dd
Static task: static1
Behavioral task: behavioral1
- Sample: 53e637996db3df92d3ef579b52fc63f38902c2d9522295ef07bbb3594cad2593.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: 53e637996db3df92d3ef579b52fc63f38902c2d9522295ef07bbb3594cad2593.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted: tofsee
- 43.231.4.7
- lazystax.ru
Targets
- Target: 53e637996db3df92d3ef579b52fc63f38902c2d9522295ef07bbb3594cad2593
- Size: 98KB
- MD5: d9edc460194b4e171f4d802203dba4d4
- SHA1: 6ff3775eae4005c8c6684f7520ccccf747985836
- SHA256: 53e637996db3df92d3ef579b52fc63f38902c2d9522295ef07bbb3594cad2593
- SHA512: f6d648c86d4ecfb9c18b8fee28706b3ca01f74bb623c35ae295b7196b7eba3d2db896960dacfb6b6e4626f8198480b429e71a2d05e4ca7ba0bce7bcd4b8d57dd
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext