General
-
Target
3c77933f76d009d8d87b6a029c201f24
-
Size
10.4MB
-
Sample
231225-zrbl4sdcd5
-
MD5
3c77933f76d009d8d87b6a029c201f24
-
SHA1
164ed8e356a26a4790a453b3867808ccb2362b21
-
SHA256
4a52a76a61e432707da8c37f1cafa6ea664e4f2750b6ad604b0343c68f0542a7
-
SHA512
76cd7454cc9d46f8ff562b88b71df1591dd88f4683ed1db5973261a00c18f2f59535965454c784db7982e1ad8db867b4799079a5637c44e6d66d555c9c3bf79f
-
SSDEEP
98304:xNWUlllllllllllllllllllllllllllllllllllllllllllllllllllllllllllj:HW
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
3c77933f76d009d8d87b6a029c201f24
-
Size
10.4MB
-
MD5
3c77933f76d009d8d87b6a029c201f24
-
SHA1
164ed8e356a26a4790a453b3867808ccb2362b21
-
SHA256
4a52a76a61e432707da8c37f1cafa6ea664e4f2750b6ad604b0343c68f0542a7
-
SHA512
76cd7454cc9d46f8ff562b88b71df1591dd88f4683ed1db5973261a00c18f2f59535965454c784db7982e1ad8db867b4799079a5637c44e6d66d555c9c3bf79f
-
SSDEEP
98304:xNWUlllllllllllllllllllllllllllllllllllllllllllllllllllllllllllj:HW
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Creates new service(s)
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-