General
- Target: e806462cc9b9083845225d415fbb779913b0748af1c77e8ab89c97507abb2c93
- Size: 106KB
- Sample: 221203-nwrncabd9w
- MD5: 18629aaac6b8984593d1ced0ffb8fc10
- SHA1: 3fc5119bad166f278a359cb3d9d481824f079f3a
- SHA256: e806462cc9b9083845225d415fbb779913b0748af1c77e8ab89c97507abb2c93
- SHA512: 8e94dbd9434b88df150303c0411a5be733269eef004eca3c0cbe0c5f6bf3e0555b97e47855673daaa59ec03484b08b1cd1fc3941a576faffc0afc52d7eb09877
- SSDEEP: 1536:eIeLZhSkE2kNt7bmAgMmL+aogkP/BIEM6TWe/+uQe3iIql89:eIe9It75sLVm5HM6TZNSIq29
Static task
- static1
Behavioral task
- behavioral1
  - Sample: e806462cc9b9083845225d415fbb779913b0748af1c77e8ab89c97507abb2c93.exe
  - Resource: win7-20221111-en
Behavioral task
- behavioral2
  - Sample: e806462cc9b9083845225d415fbb779913b0748af1c77e8ab89c97507abb2c93.exe
  - Resource: win10v2004-20220812-en
Malware Config
- Extracted: tofsee
  - 188.93.235.142
  - 188.165.132.183
  - rgtryhbgddtyh.biz
  - wertdghbyrukl.ch
Targets
- Target: e806462cc9b9083845225d415fbb779913b0748af1c77e8ab89c97507abb2c93
- Score: 10/10
- Executes dropped EXE
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext