General
Target: aeaf7fd570ff3c124aec94c810a13e2c2b59485200074e478d2cfe5cd192056f
Size: 116KB
Sample: 221203-ssaymsca63
MD5: 326c0ed1d49c9ebe75e8cf29ced92a60
SHA1: f83920f7c8cb64bc72074d5c7cac3be7c2598002
SHA256: aeaf7fd570ff3c124aec94c810a13e2c2b59485200074e478d2cfe5cd192056f
SHA512: 7610d7650ad2b0cded5b6efc5365a260dc7b5229c7f20ba3556c416203906adf870488ed018a520b0bb0ddf2d433ee64014ff34fbf9f3ddd5701deec56e6e91f
SSDEEP: 3072:OFj7IcGTdNUNSM3epEOMPvrDS2jbxWGqjOA:OR7JGbUNSEOMPjDSbGqKA
Static task: static1
Behavioral task: behavioral1
  Sample: aeaf7fd570ff3c124aec94c810a13e2c2b59485200074e478d2cfe5cd192056f.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: aeaf7fd570ff3c124aec94c810a13e2c2b59485200074e478d2cfe5cd192056f.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: tofsee
Configured endpoints:
  91.218.39.211
  188.130.237.44
  91.204.162.103
  188.165.132.183
  rgtryhbgddtyh.biz
  wertdghbyrukl.ch
Targets
Target: aeaf7fd570ff3c124aec94c810a13e2c2b59485200074e478d2cfe5cd192056f
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext