General
-
Target
supvobl.exe
-
Size
12.5MB
-
Sample
230123-m5z6eaef4s
-
MD5
be286c784044379ca9a6ca6e7211a29f
-
SHA1
bf8010a0e4b7ae88095bd9ee303707f4c0da549e
-
SHA256
d05cd710559cb6a23a84f44bfe88b91582862c7d70134cf71807ae0c49964993
-
SHA512
862e1beffa2cd58cd606a9edf2be79a03ca4a93f2edd6528e91eed2f68ad889e2e76dd43f164cd8f7eb02567504cbcf9581f730177f841a3e5a0298b48674b13
-
SSDEEP
24576:P7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hg:
Static task
static1
Behavioral task
behavioral1
Sample
supvobl.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
supvobl.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
supvobl.exe
-
Size
12.5MB
-
MD5
be286c784044379ca9a6ca6e7211a29f
-
SHA1
bf8010a0e4b7ae88095bd9ee303707f4c0da549e
-
SHA256
d05cd710559cb6a23a84f44bfe88b91582862c7d70134cf71807ae0c49964993
-
SHA512
862e1beffa2cd58cd606a9edf2be79a03ca4a93f2edd6528e91eed2f68ad889e2e76dd43f164cd8f7eb02567504cbcf9581f730177f841a3e5a0298b48674b13
-
SSDEEP
24576:P7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hE7hg:
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-