General
Target: 962f61d2ed1878ba0f3ead81abb88b57a89504348399539194b7c8f35321b35b
Size: 108KB
Sample: 221203-vgwr3she74
MD5: 03cad9de17fd5a6d3e76cdd2fcb602fa
SHA1: fe07aaf83c3c9e7ccb47dfe9f0d4488241faa057
SHA256: 962f61d2ed1878ba0f3ead81abb88b57a89504348399539194b7c8f35321b35b
SHA512: 6b893850e93c1d40fca532968d91a75370079700e21dabe79389b48359b7db5457b80764e34980390ec485bd6ccdf34346bc331cd63b113b4d7a8002017b6732
SSDEEP: 1536:/O6w3uUlKT5QyiCWXYGbPLtl1Fw/uLeupuMlwWHEFRrKpCdjaX2/:/FGu0KdQyc3t/FguLpEFRrKpUaXM
Static task: static1
Behavioral task: behavioral1
  Sample: 962f61d2ed1878ba0f3ead81abb88b57a89504348399539194b7c8f35321b35b.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 962f61d2ed1878ba0f3ead81abb88b57a89504348399539194b7c8f35321b35b.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: tofsee
  188.93.235.142
  188.165.132.183
  rgtryhbgddtyh.biz
  wertdghbyrukl.ch
Targets
Target: 962f61d2ed1878ba0f3ead81abb88b57a89504348399539194b7c8f35321b35b
Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext