General
  Target: 5f1237952a865108d43ba926ca2310cf7176e6fcc38dd1ce387f6e75f6eafc6e
  Size: 153KB
  Sample: 220731-wz5ndabab8
  MD5: 581fd522171bdcb6867fe89afd9f8cd6
  SHA1: e62b04de12535623e835c467e90a1fcc8ca02a91
  SHA256: 5f1237952a865108d43ba926ca2310cf7176e6fcc38dd1ce387f6e75f6eafc6e
  SHA512: b7ce6b3cd0091f5192d71ed8bd3a266eb0a8d9ac3336dee5373a81cbc679bbcce8fdef7030136abc72a33cfec57926967551db18c3371069e63d6a7616921764
Static task: static1

Behavioral task: behavioral1
  Sample: 5f1237952a865108d43ba926ca2310cf7176e6fcc38dd1ce387f6e75f6eafc6e.exe
  Resource: win7-20220718-en

Behavioral task: behavioral2
  Sample: 5f1237952a865108d43ba926ca2310cf7176e6fcc38dd1ce387f6e75f6eafc6e.exe
  Resource: win10v2004-20220722-en
Malware Config
  Extracted: tofsee
    43.231.4.7
    lazystax.ru
Targets
  Target: 5f1237952a865108d43ba926ca2310cf7176e6fcc38dd1ce387f6e75f6eafc6e
  Size: 153KB
  MD5: 581fd522171bdcb6867fe89afd9f8cd6
  SHA1: e62b04de12535623e835c467e90a1fcc8ca02a91
  SHA256: 5f1237952a865108d43ba926ca2310cf7176e6fcc38dd1ce387f6e75f6eafc6e
  SHA512: b7ce6b3cd0091f5192d71ed8bd3a266eb0a8d9ac3336dee5373a81cbc679bbcce8fdef7030136abc72a33cfec57926967551db18c3371069e63d6a7616921764
  Score: 10/10
  - Creates new service(s)
  - Executes dropped EXE
  - Modifies Windows Firewall
  - Sets service image path in registry
  - Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
  - Deletes itself
  - Suspicious use of SetThreadContext