General
Target: 608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b
Size: 180KB
Sample: 220731-ekm2cafdg8
MD5: 079eeb586e7e582083387bd6c1342a87
SHA1: 37dc6f6df1e3b634cf6d5d7eec52d28550db0732
SHA256: 608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b
SHA512: c12a383e3e08d526da6c6dd4e1ccaaf4b842f04c7f3745de08f8e946a44330803472f14ed78a10ed434d55c7da3e4e3ca21582fb701c388b38bdff6477f47e0a
Static task: static1
Behavioral task: behavioral1
  Sample: 608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: 608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted: tofsee
  103.232.222.57
  111.121.193.242
  123.249.0.22
Targets
Target: 608f00694431d768e0f89037b3cea2805932ac3228b82742805456175125248b
Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext