General
- Target: 5ff46bca8d033a58673c281fa26b7158c1d11ba6eca99a1553e2651fbb0256f0
- Size: 150KB
- Sample: 220731-jr651sgcem
- MD5: 0c3e9598600bccf1d8b874bdda869bca
- SHA1: aeb7cd8f3f96fc4113fed76d86fa2434f2069e5e
- SHA256: 5ff46bca8d033a58673c281fa26b7158c1d11ba6eca99a1553e2651fbb0256f0
- SHA512: 6a47074a26686433edd0ebdc0573fb3541328cecc2f87421c49bf2c0a5087e36ce3a9f7d3438c37229f9b182f31e3509cd5e3c4941583a946ea777cb5909fb31
Static task: static1

Behavioral task: behavioral1
- Sample: 5ff46bca8d033a58673c281fa26b7158c1d11ba6eca99a1553e2651fbb0256f0.exe
- Resource: win7-20220715-en

Behavioral task: behavioral2
- Sample: 5ff46bca8d033a58673c281fa26b7158c1d11ba6eca99a1553e2651fbb0256f0.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted: tofsee
- 43.231.4.7
- lazystax.ru
Targets
- Target: 5ff46bca8d033a58673c281fa26b7158c1d11ba6eca99a1553e2651fbb0256f0
- Size: 150KB
- MD5: 0c3e9598600bccf1d8b874bdda869bca
- SHA1: aeb7cd8f3f96fc4113fed76d86fa2434f2069e5e
- SHA256: 5ff46bca8d033a58673c281fa26b7158c1d11ba6eca99a1553e2651fbb0256f0
- SHA512: 6a47074a26686433edd0ebdc0573fb3541328cecc2f87421c49bf2c0a5087e36ce3a9f7d3438c37229f9b182f31e3509cd5e3c4941583a946ea777cb5909fb31

Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext