General
Target: 738814f87c44a9fe2963c3d8a4f335cf12e988a6a46f2437627cb468e3c193df
Size: 128KB
Sample: 221202-et3s6ace77
MD5: e0817495fcad5e019e645c222667d205
SHA1: 09f723995470a58ba519efc4d6ebcfad466b7d57
SHA256: 738814f87c44a9fe2963c3d8a4f335cf12e988a6a46f2437627cb468e3c193df
SHA512: d5cb26130c38d64e259f6e89590623e074b16f226bec49681e4afd10ed9e6477802953e3f330a3ee020afc8653bef226bb52f010b7ae56c6fc6d25832f52e593
SSDEEP: 1536:iQvOWIoFEZDjD1ACzG9wWMoHylbbDhn5WLr2S4a3eJ/8Ikfy6A1dAxAWh:bOKWDjD+UyLaPa3eJ/hr6ArAxAw
Static task: static1
Behavioral task: behavioral1
- Sample: 738814f87c44a9fe2963c3d8a4f335cf12e988a6a46f2437627cb468e3c193df.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 738814f87c44a9fe2963c3d8a4f335cf12e988a6a46f2437627cb468e3c193df.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: tofsee
- 103.9.150.14
- 188.190.120.99
- 119.1.109.61
- 188.165.132.183
- rgtryhbgddtyh.biz
- wertdghbyrukl.ch
Targets
Target: 738814f87c44a9fe2963c3d8a4f335cf12e988a6a46f2437627cb468e3c193df
Score: 10/10
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext