General

Target: 5ff6edb9d95818ca99a6d559c287552009a4af4e943592d79a0f42efb44671aa
Size: 171KB
Sample: 220731-jq9vhsfbh3
MD5: 210e538a95d8fd1b5737c7116ec602de
SHA1: f10933e1bfabe35fb3b50ebb825726b467a0a829
SHA256: 5ff6edb9d95818ca99a6d559c287552009a4af4e943592d79a0f42efb44671aa
SHA512: 79365f9b368fbff7b1d00821b1850e589987d70a1589949195fd3b084c9dea0658e83e6c50f2c8887386184f4c925f1de88746d47fe1f675aa6bd0e431867bbe
Static task: static1

Behavioral task: behavioral1
Sample: 5ff6edb9d95818ca99a6d559c287552009a4af4e943592d79a0f42efb44671aa.exe
Resource: win7-20220715-en

Behavioral task: behavioral2
Sample: 5ff6edb9d95818ca99a6d559c287552009a4af4e943592d79a0f42efb44671aa.exe
Resource: win10v2004-20220721-en
Malware Config

Extracted family: tofsee
C2: 43.231.4.7
C2: lazystax.ru
Targets

Target: 5ff6edb9d95818ca99a6d559c287552009a4af4e943592d79a0f42efb44671aa (size and hashes as listed under General above)
Score: 10/10

Signatures:
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext