General
- Target: 03c3bf89ec80ccc2ebb578d871ecda58b8623d0fcaac4fc95981ea15aeaa7ba9
- Size: 127KB
- Sample: 221130-t7fywaba6y
- MD5: 26f79e78a4b445e1da768ce79e82c95b
- SHA1: 3aedd60770c0179990df20eb9bfc81904297c10d
- SHA256: 03c3bf89ec80ccc2ebb578d871ecda58b8623d0fcaac4fc95981ea15aeaa7ba9
- SHA512: ace209673d901058793d806c3d033d5c676d33898fc032b39b23f8c4a241694f0e7dba14968076494b64d4d687bd0391d69ab9689e46ef99d076a41983a94e39
- SSDEEP: 3072:DR9RULLkf1SfmmzUhJUVWZ3KOcPpKEK6ARbF:DZaLq1SfmmIoi6BPprKbF
Static task
static1
Behavioral task
behavioral1
Sample
03c3bf89ec80ccc2ebb578d871ecda58b8623d0fcaac4fc95981ea15aeaa7ba9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
03c3bf89ec80ccc2ebb578d871ecda58b8623d0fcaac4fc95981ea15aeaa7ba9.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
- Target: 03c3bf89ec80ccc2ebb578d871ecda58b8623d0fcaac4fc95981ea15aeaa7ba9
- Size: 127KB
- MD5: 26f79e78a4b445e1da768ce79e82c95b
- SHA1: 3aedd60770c0179990df20eb9bfc81904297c10d
- SHA256: 03c3bf89ec80ccc2ebb578d871ecda58b8623d0fcaac4fc95981ea15aeaa7ba9
- SHA512: ace209673d901058793d806c3d033d5c676d33898fc032b39b23f8c4a241694f0e7dba14968076494b64d4d687bd0391d69ab9689e46ef99d076a41983a94e39
- SSDEEP: 3072:DR9RULLkf1SfmmzUhJUVWZ3KOcPpKEK6ARbF:DZaLq1SfmmIoi6BPprKbF
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of SetThreadContext