General
Target: a2088c326ff419b13f3b65fa4358ac0dae9989f28fc03122f603ec4e1d04a993
Size: 98KB
Sample: 220731-nr8fasfdan
MD5: 514b7bcdfaee001949a7d283d30b4e4f
SHA1: efafadcadb7c5666bc6716b3e3b7228008f78e2e
SHA256: a2088c326ff419b13f3b65fa4358ac0dae9989f28fc03122f603ec4e1d04a993
SHA512: 700f7cdc8538f879ecae07218850750bcb0edcf2fddafedbf175119d4c2e0d85efc257f9dfba99a31b0d87cf0b6d2bc915f6931243572c91646df1b70409eb45
Static task: static1
Behavioral task: behavioral1
  Sample: a2088c326ff419b13f3b65fa4358ac0dae9989f28fc03122f603ec4e1d04a993.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: a2088c326ff419b13f3b65fa4358ac0dae9989f28fc03122f603ec4e1d04a993.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted: tofsee
  43.231.4.7
  lazystax.ru
Targets
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext