General
- Target: a7250968f0756bdf6eb6c2662ea64c9e944e1dbd78cf53e5444e835d0fc47ba2
- Size: 106KB
- Sample: 221201-yq81jsad8s
- MD5: 340e1c39a591b9685a5de3e100883817
- SHA1: 53f1007ec62fe1d554b6681eff63c37f9bcd6d8d
- SHA256: a7250968f0756bdf6eb6c2662ea64c9e944e1dbd78cf53e5444e835d0fc47ba2
- SHA512: 384799689e03f2f567e0b7273632a863ad5e15dbfe75038ea4bcb8eef3e5eb0425e770253ab518c3223175bc68248f6efe8656d04c140510b59813633ebcb026
- SSDEEP: 1536:LMpZhSk82kttWsMbxCbp1Zped9aZ6EaM8PkXVeNsV5kLsPHQbu:LMvQtWjt6peyZ7DXVJVviu
Static task
- static1

Behavioral task
- behavioral1
  - Sample: a7250968f0756bdf6eb6c2662ea64c9e944e1dbd78cf53e5444e835d0fc47ba2.exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: a7250968f0756bdf6eb6c2662ea64c9e944e1dbd78cf53e5444e835d0fc47ba2.exe
  - Resource: win10v2004-20220901-en
Malware Config
Extracted
- Family: tofsee
- C2:
  - 188.93.235.142
  - 188.165.132.183
  - rgtryhbgddtyh.biz
  - wertdghbyrukl.ch
Targets
- Target: a7250968f0756bdf6eb6c2662ea64c9e944e1dbd78cf53e5444e835d0fc47ba2
- Size: 106KB
- MD5: 340e1c39a591b9685a5de3e100883817
- SHA1: 53f1007ec62fe1d554b6681eff63c37f9bcd6d8d
- SHA256: a7250968f0756bdf6eb6c2662ea64c9e944e1dbd78cf53e5444e835d0fc47ba2
- SHA512: 384799689e03f2f567e0b7273632a863ad5e15dbfe75038ea4bcb8eef3e5eb0425e770253ab518c3223175bc68248f6efe8656d04c140510b59813633ebcb026
- SSDEEP: 1536:LMpZhSk82kttWsMbxCbp1Zped9aZ6EaM8PkXVeNsV5kLsPHQbu:LMvQtWjt6peyZ7DXVJVviu
- Score: 10/10

Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext