General
-
Target
53bba6ed24ec51b05bedfe356d3e786b58448d462d1b0fd4d4ada8e93a02d6ba
-
Size
192KB
-
Sample
220727-aszynabcb8
-
MD5
34fb478b89ca67b3ac53c04ff655a7eb
-
SHA1
f757ad8658e5af68a381aee0a126725a34060d38
-
SHA256
53bba6ed24ec51b05bedfe356d3e786b58448d462d1b0fd4d4ada8e93a02d6ba
-
SHA512
41050bce6eb0a639fd74ffbfcba1ad8e6dc7b04f87d2adb3f7076d6c923a52f56c314f26abbc0a91bb7de0c59d9da543f8c5374dae84b0815caf808bc4abf081
Static task
static1
Behavioral task
behavioral1
Sample
53bba6ed24ec51b05bedfe356d3e786b58448d462d1b0fd4d4ada8e93a02d6ba.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
53bba6ed24ec51b05bedfe356d3e786b58448d462d1b0fd4d4ada8e93a02d6ba.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
tofsee
103.232.222.57
111.121.193.242
123.249.0.22
Targets
-
-
Target
53bba6ed24ec51b05bedfe356d3e786b58448d462d1b0fd4d4ada8e93a02d6ba
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-