General
- Target: 5b3ed204bf794afc4d32c750e74a219c4730b2a96ded36c6ea2753581158ab11
- Size: 138KB
- Sample: 220802-atfamscgfm
- MD5: 9e23db864b9cc771a31f1ee21d7d418c
- SHA1: 8f510bac94a035d004d2f995e5ec7d11e48a057c
- SHA256: 5b3ed204bf794afc4d32c750e74a219c4730b2a96ded36c6ea2753581158ab11
- SHA512: d0efd4f3089ad8fcbbe782f49753edf4fee3884ebc82a86c172a5615e0758bdeb030c25468e7b46da1b6668daa7a9f6ee24a8e08a08b29c87edaba0cd7fa7c2d
Static task: static1
Behavioral task: behavioral1
- Sample: 5b3ed204bf794afc4d32c750e74a219c4730b2a96ded36c6ea2753581158ab11.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: 5b3ed204bf794afc4d32c750e74a219c4730b2a96ded36c6ea2753581158ab11.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted: tofsee
- 43.231.4.7
- lazystax.ru
Targets
- Target: 5b3ed204bf794afc4d32c750e74a219c4730b2a96ded36c6ea2753581158ab11
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext