General
Target: 5bb633fef2f50ca5ec2302ea37800f68c76596ef770c394e706f57a5d655feac
Size: 137KB
Sample: 220801-vfcmtadhc9
MD5: 8a7bd882918e72bdf0ac40577f380ddb
SHA1: fad079d8ea6e73146d55ac5ca26745f5bdc2c02d
SHA256: 5bb633fef2f50ca5ec2302ea37800f68c76596ef770c394e706f57a5d655feac
SHA512: b57d44daace9962ac0926bd6ae09c8c3a2998cbbf777ba3a367c82a2c3b948b8355180b65b10d150ec9f6900bc29785e21c90e07199b8b761f5111f91b0c1db7
Static task: static1
Behavioral task: behavioral1
  Sample: 5bb633fef2f50ca5ec2302ea37800f68c76596ef770c394e706f57a5d655feac.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: 5bb633fef2f50ca5ec2302ea37800f68c76596ef770c394e706f57a5d655feac.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted family: tofsee
C2: 43.231.4.7
C2: lazystax.ru
Targets
Target: 5bb633fef2f50ca5ec2302ea37800f68c76596ef770c394e706f57a5d655feac (137KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Suspicious use of SetThreadContext (commonly used to redirect execution in an injected or hollowed process)
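The signatures and extracted config above translate directly into host-side hunting logic. The script below is an added example, not part of the sandbox report or of any Tria.ge tooling: it runs over a handful of constructed, Sysmon-style events and flags a process that reads the configured country code from the registry (the GeoID value under Control Panel\International\Geo\Nation, which is what the "Checks computer location settings" signature refers to), installs a service and writes its ImagePath, changes the firewall via netsh, or contacts the extracted Tofsee hosts, and matches the report's file hashes. The event schema, the field names, the service name and the "three or more signatures" threshold are assumptions for illustration.

```python
"""Added example: hunt constructed host events for the behaviours and IOCs in
the Tofsee report above. Event format and field names are assumed, not Sysmon's
or Tria.ge's exact output."""
import re
from collections import defaultdict

# Indicators copied from the report.
IOC_HASHES = {
    "8a7bd882918e72bdf0ac40577f380ddb",
    "fad079d8ea6e73146d55ac5ca26745f5bdc2c02d",
    "5bb633fef2f50ca5ec2302ea37800f68c76596ef770c394e706f57a5d655feac",
}
IOC_C2 = {"43.231.4.7", "lazystax.ru"}

# Registry value holding the configured country (GeoID); the report's
# "Checks computer location settings" signature is this lookup.
GEO_NATION_KEY = r"\Control Panel\International\Geo\Nation"
SERVICES_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)
FIREWALL_CMD = re.compile(r"\bnetsh\b.*\b(advfirewall|firewall)\b", re.IGNORECASE)


def classify(event):
    """Return the set of report signature names one event matches."""
    hits = set()
    etype = event.get("type")
    target = event.get("target", "")
    if etype == "registry_set" and SERVICES_IMAGEPATH.match(target):
        hits.add("Sets service image path in registry")
    if etype == "registry_read" and target.endswith(GEO_NATION_KEY):
        hits.add("Checks computer location settings")
    if etype == "process_create":
        if FIREWALL_CMD.search(event.get("cmdline", "")):
            hits.add("Modifies Windows Firewall")
        if event.get("hash", "").lower() in IOC_HASHES:
            hits.add("Executes known-bad hash")
    if etype == "service_install":
        hits.add("Creates new service(s)")
    if etype in ("dns_query", "network_connect") and event.get("dest", "") in IOC_C2:
        hits.add("Contacts Tofsee C2")
    return hits


def hunt(events):
    """Group matches by originating process: {pid: sorted signature names}."""
    per_pid = defaultdict(set)
    for ev in events:
        per_pid[ev["pid"]] |= classify(ev)
    return {pid: sorted(h) for pid, h in per_pid.items() if h}


def tofsee_like(hits, threshold=3):
    """Assumed triage rule: a single process showing several of these behaviours
    is worth escalating; one hit alone (e.g. a locale-aware app reading GeoID)
    is normal."""
    return len(hits) >= threshold


# Constructed events; "pid" is the process that originated the action
# (child-process launches are attributed to the parent). Service name and
# paths are placeholders.
SAMPLE_EVENTS = [
    {"pid": 4321, "type": "process_create", "cmdline": "",
     "hash": "5bb633fef2f50ca5ec2302ea37800f68c76596ef770c394e706f57a5d655feac"},
    {"pid": 4321, "type": "registry_read",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4321, "type": "service_install", "name": "example-svc"},
    {"pid": 4321, "type": "registry_set",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\example-svc\ImagePath",
     "value": r"C:\Windows\example-svc.exe"},
    {"pid": 4321, "type": "process_create", "hash": "",
     "cmdline": 'netsh advfirewall firewall add rule name="example" dir=in '
                'action=allow program="C:\\Windows\\example-svc.exe"'},
    {"pid": 4321, "type": "dns_query", "dest": "lazystax.ru"},
    {"pid": 4321, "type": "network_connect", "dest": "43.231.4.7"},
    # Benign noise: a locale-aware application reading GeoID, then a normal connection.
    {"pid": 900, "type": "registry_read",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 900, "type": "network_connect", "dest": "192.0.2.10"},
]


if __name__ == "__main__":
    for pid, hits in hunt(SAMPLE_EVENTS).items():
        flag = "ESCALATE" if tofsee_like(hits) else "info"
        print(f"pid {pid} [{flag}]: {', '.join(hits)}")
```

The rule deliberately keys on the combination rather than any single signature: reading the GeoID value, installing a service, or adding a firewall rule each has legitimate causes, while one process doing all of them and then resolving the extracted host names is the chain the report describes.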