General
Target: c768addec07d2c59e940ab729f09c9e3c346bb7cd633a5ab351eb5bda695714c
Size: 189KB
Sample: 221203-bjc8zaeg8x
MD5: eeb7e6c7f4ab9c7830b11f7fd7fd2011
SHA1: beb0384bd419447ab753de454e8d071923928e98
SHA256: c768addec07d2c59e940ab729f09c9e3c346bb7cd633a5ab351eb5bda695714c
SHA512: ed7c18c625baa2aa36987dc23ecb56434d473e8fe060b6cecd2e3f043a923fa0cece81e442471271ec9d282042b0dd1cd0dd6abd7ca70aa01b6afe5186fae208
SSDEEP: 3072:w7F7r/UFftCzKka2Y2dMOSbSl8+pOW3jfSgDdB:88F2BdbjbbjzDf
Static task: static1
Behavioral task: behavioral1
  Sample: c768addec07d2c59e940ab729f09c9e3c346bb7cd633a5ab351eb5bda695714c.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: c768addec07d2c59e940ab729f09c9e3c346bb7cd633a5ab351eb5bda695714c.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: tofsee
  91.121.4.118
  rgtryhbgddtyh.biz
  wertdghbyrukl.ch
Targets
Target: c768addec07d2c59e940ab729f09c9e3c346bb7cd633a5ab351eb5bda695714c
Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext