General
-
Target
5d7855d336804c56bc14fc11ce5133fd
-
Size
10.7MB
-
Sample
231226-jmzv5sdeen
-
MD5
5d7855d336804c56bc14fc11ce5133fd
-
SHA1
c8db5f8830ec39913013d910f9afa2ac6576824b
-
SHA256
beafdf839cbd8cf0f902ea644bd4c41b33a63b47d0ca6f89fb9a8dccadf28b00
-
SHA512
3b068492a11e15853d23d4d70abae6f9180d28534476941894edb03754ed83a2ca70d062671581594e88fb2f581cd94341323fda00703808047a2cbd31bab32f
-
SSDEEP
98304:DNWUlllllllllllllllllllllllllllllllllllllllllllllllllllllllllllB:hW
Static task
static1
Behavioral task
behavioral1
Sample
5d7855d336804c56bc14fc11ce5133fd.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
5d7855d336804c56bc14fc11ce5133fd.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
Target
5d7855d336804c56bc14fc11ce5133fd
Score
10/10
-
Creates new service(s)
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-