General
-
Target
7752586221.zip
-
Size
216KB
-
Sample
220729-mqf4zsgfc9
-
MD5
b691d84be698502cfbbe83964ae21532
-
SHA1
de96db60f0dbfd774ee8d9e9bd4db6ac50270ae0
-
SHA256
bf32d8eacf9b5dbaba44bd0992359c7901c732c97350e047759aa2054a968725
-
SHA512
2138d34efe2fe176b23d9a8348dcb10d724cd63a10edc377889269b1d266ef32cbd1e599c6a358463dff71f67c4c49b1d69cbc5f070ce2f5f506d5bb0b8143f5
Static task
static1
Behavioral task
behavioral1
Sample
519c5ce5aaedf029cd10b0e70a08eaf817cdfbaf1cf420e8ef9e14f4671b72bd.exe
Resource
win10-20220414-en
Behavioral task
behavioral2
Sample
519c5ce5aaedf029cd10b0e70a08eaf817cdfbaf1cf420e8ef9e14f4671b72bd.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
tofsee
mubrikych.top
oxxyfix.xyz
Targets
-
Target
519c5ce5aaedf029cd10b0e70a08eaf817cdfbaf1cf420e8ef9e14f4671b72bd
-
Size
11.6MB
-
MD5
ca48c2a5c3d617e0538e0baadaa23bc7
-
SHA1
42936532aa66b923d389a496352e7494bdd8ba23
-
SHA256
519c5ce5aaedf029cd10b0e70a08eaf817cdfbaf1cf420e8ef9e14f4671b72bd
-
SHA512
79966f4ee83d1f2ffaaaffe2590375ea26c5ef1c42bbae50727ddf561d98a0d2928fb332ae568fec02da3140f17b1a6f1e1ca77cdc4ae0fd8d1bd663bc0afefe
Score
10/10
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-