General
Target: 145ac82c16544ac72d563e62eafda00d3564a7bb54df5ee27d32899441cf1e07
Size: 209KB
Sample: 221130-v6hxhsbb73
MD5: f2a6a8592a13fca12320d80df66a4fa8
SHA1: 1a31a7b1abed366476ffc624367a78adaccddb0b
SHA256: 145ac82c16544ac72d563e62eafda00d3564a7bb54df5ee27d32899441cf1e07
SHA512: 4b0349f7fdd9e16f6b1b8c7bd407cc4437378e64de4a88b095f91cd7b9526eae2ec930f20e99ca606dc35b04300cda9f6de1e455c036bff0b75d0ec89dc965b9
SSDEEP: 3072:HbJ08rWCZeFkOWQQnwVTPt/G5ebEC3I4ZYm4k8ufx4RQ0ayjQdDfly2KgFkOz1R:HbJ3KCZIkO1QnA5+yskfWafXrFkOz
Static task: static1
Behavioral task: behavioral1
  Sample: 145ac82c16544ac72d563e62eafda00d3564a7bb54df5ee27d32899441cf1e07.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 145ac82c16544ac72d563e62eafda00d3564a7bb54df5ee27d32899441cf1e07.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted family: tofsee
Extracted indicators:
- 64.20.54.234
- rgtryhbgddtyh.biz
- wertdghbyrukl.ch
Targets
Target: 145ac82c16544ac72d563e62eafda00d3564a7bb54df5ee27d32899441cf1e07
Size: 209KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above.)
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext