General
Target: ba91ffb597778dc5526826dde9715282049d0732d08df54314c1087056d7fbcd
Size: 81KB
Sample: 221130-2h24tabd77
MD5: aaf4a34a5d5d298ef5b02a4ac71378c6
SHA1: 96b74f49bd95c0b18a5e22ff9bac7da3ebce1835
SHA256: ba91ffb597778dc5526826dde9715282049d0732d08df54314c1087056d7fbcd
SHA512: ca22dc85572108ee699502e28bfec15f5fc8ad6424705eb2aa51a75b99ffc95e189ad6f7d9cc48a1c0cbb68b78fe9ffaa9ec0baa9fd2180d4b3f47a96574dea6
SSDEEP: 1536:iO6tyJjl87GWuWK6RpoBlJ/rkvgGYD3UH:iO6tyJkGHL6verggpUH
Static task: static1

Behavioral task: behavioral1
Sample: ba91ffb597778dc5526826dde9715282049d0732d08df54314c1087056d7fbcd.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: ba91ffb597778dc5526826dde9715282049d0732d08df54314c1087056d7fbcd.exe
Resource: win10v2004-20220812-en

Malware Config
Extracted: tofsee
185.4.227.76
188.165.132.183
rgtryhbgddtyh.biz
wertdghbyrukl.ch
Targets
Target: ba91ffb597778dc5526826dde9715282049d0732d08df54314c1087056d7fbcd
Size: 81KB
MD5: aaf4a34a5d5d298ef5b02a4ac71378c6
SHA1: 96b74f49bd95c0b18a5e22ff9bac7da3ebce1835
SHA256: ba91ffb597778dc5526826dde9715282049d0732d08df54314c1087056d7fbcd
SHA512: ca22dc85572108ee699502e28bfec15f5fc8ad6424705eb2aa51a75b99ffc95e189ad6f7d9cc48a1c0cbb68b78fe9ffaa9ec0baa9fd2180d4b3f47a96574dea6
SSDEEP: 1536:iO6tyJjl87GWuWK6RpoBlJ/rkvgGYD3UH:iO6tyJkGHL6verggpUH
Score: 10/10
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext