General
Target: 5f169cada11fffca75af5eb67f6d0fd92c1042cca1ed460aa7196e4a9ecbb1a5
Size: 160KB
Sample: 220731-wx1xeacbbn
MD5: 0c4d08e0b8da928708643b270420852d
SHA1: fcc3d633223a431ccc725c89403730ef506b49d7
SHA256: 5f169cada11fffca75af5eb67f6d0fd92c1042cca1ed460aa7196e4a9ecbb1a5
SHA512: baf7d0ab12f2f0133b24daf6b3cc046c2cc4963de5926e611cd4138d2c49df860e339d39d99a4c17435f00ddcc640a87295a5fbfb688fef044f1d7a0b5b97605
Static task: static1
Behavioral task: behavioral1
Sample: 5f169cada11fffca75af5eb67f6d0fd92c1042cca1ed460aa7196e4a9ecbb1a5.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 5f169cada11fffca75af5eb67f6d0fd92c1042cca1ed460aa7196e4a9ecbb1a5.exe
Resource: win10v2004-20220722-en
Malware Config
Extracted: tofsee
103.232.222.57
111.121.193.242
123.249.0.22
Targets
Target: 5f169cada11fffca75af5eb67f6d0fd92c1042cca1ed460aa7196e4a9ecbb1a5 (size and MD5/SHA1/SHA256/SHA512 as listed under General above)
Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext