General
-
Target
a3592693bf98d11182e83ed40779c3a1.exe
-
Size
14.0MB
-
Sample
240107-x18l4accdr
-
MD5
a3592693bf98d11182e83ed40779c3a1
-
SHA1
c19e3a35d2b90f2099f34caffdaab6e14d4488d4
-
SHA256
916264a72ba7e6ab72941fadd14604649ac8afe6865c755ae32528cd8e20f9a4
-
SHA512
e557ed6c28577ab66c830e9a02ba4edc238a7e555f0fac47b7a3afad98523ade9acda9325d6959ad5bb9bba794c2354db9dfc1131d7136f87deb733f2d0baf75
-
SSDEEP
49152:oaafPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP:o
Static task
static1
Behavioral task
behavioral1
Sample
a3592693bf98d11182e83ed40779c3a1.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
a3592693bf98d11182e83ed40779c3a1.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
tofsee
43.231.4.6
lazystax.ru
Targets
-
-
Target
a3592693bf98d11182e83ed40779c3a1.exe
-
Size
14.0MB
-
MD5
a3592693bf98d11182e83ed40779c3a1
-
SHA1
c19e3a35d2b90f2099f34caffdaab6e14d4488d4
-
SHA256
916264a72ba7e6ab72941fadd14604649ac8afe6865c755ae32528cd8e20f9a4
-
SHA512
e557ed6c28577ab66c830e9a02ba4edc238a7e555f0fac47b7a3afad98523ade9acda9325d6959ad5bb9bba794c2354db9dfc1131d7136f87deb733f2d0baf75
-
SSDEEP
49152:oaafPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP:o
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2