General
Target: e86b987fdd4dd09bb9168653a750e7a8dc3d2f491b839496d8c6ec14c52df94a
Size: 130KB
Sample: 221130-sh684adg21
MD5: f20c2e5c40d100b840e9df5cacdcfde4
SHA1: 661220e497bdb6dfcc52b48aa5d9f888db19595e
SHA256: e86b987fdd4dd09bb9168653a750e7a8dc3d2f491b839496d8c6ec14c52df94a
SHA512: 9d3e57a14bcb876068cdb1b1c864b102c00ebe73a1d56bd5dc05078501506fc2fb67d77bdaba1a382862b01890f8bb2fcfa48a134bdb60bae7e448acef52c6c3
SSDEEP: 3072:GvNN0cMdYQ3QRi6yxZ2pHbvxWEXYff78ROm8Mxq:IN0ndYsQRXJWEXYcnj
Behavioral task: behavioral1
Sample: e86b987fdd4dd09bb9168653a750e7a8dc3d2f491b839496d8c6ec14c52df94a.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: e86b987fdd4dd09bb9168653a750e7a8dc3d2f491b839496d8c6ec14c52df94a.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: tofsee
C2: 91.218.38.245
C2: 188.165.132.183
C2: rgtryhbgddtyh.biz
C2: wertdghbyrukl.ch
Targets
Score: 10/10
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run key to start application
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext