General

Target: abaf7e2ac8aedf2229f1062d84a4796b.exe
Size: 10.4MB
Sample: 240107-ychlfacgbl
MD5: abaf7e2ac8aedf2229f1062d84a4796b
SHA1: fa7bba090f7be8eb31875691ad1a2e758e0ff7fd
SHA256: b438d5185a63d31957c98eb93d9c1f5ca1b90650a248da0bc24fc5550a03eb42
SHA512: f0faa9c7b7449974817cd18cc0b40848d42932c2fb2fb8113a14d7f69ea8c7851e209af253cb4c9d7db803b6cf3d8521703ca8d40d490736a567636ac7931c68
SSDEEP: 6144:4bQYwYzITzPu4Dw4A+xhmvM2MiApS12tapJ1gyEUtdkKri:ywoI3Pu4Dw4A++E2MiAm2tapJfXyl
Static task: static1

Behavioral task: behavioral1
Sample: abaf7e2ac8aedf2229f1062d84a4796b.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: abaf7e2ac8aedf2229f1062d84a4796b.exe
Resource: win10v2004-20231222-en
Malware Config

Extracted
Family: tofsee
C2: 43.231.4.6
C2: lazystax.ru
Targets

Target: abaf7e2ac8aedf2229f1062d84a4796b.exe
Score: 10/10

Behaviors observed in the behavioral tasks:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution, T1547 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process, T1543 (2)
  - Windows Service, T1543.003 (2)
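The extracted C2 (43.231.4.6 and lazystax.ru), the file hashes, and the "Creates new service(s)" / "Sets service image path in registry" behaviors are the parts of this report a responder sweeps for. The Python below is an added example, not part of the sandbox report: it matches those IOCs against constructed DNS, proxy and EDR log lines and flags flattened Windows System log event 7045 records ("A service was installed in the system") whose image path lies outside the usual system directories. The log line layouts, the service name `updsvc`, the path `C:\Windows\Temp\updater.exe` and the trusted-path prefix list are assumptions for the example; the report does not state where this sample's service image path points, so the path heuristic is deliberately generic.

```python
"""IOC sweep for the Tofsee sample above.

Added example, not part of the sandbox report. IOCs are copied from the report; the
log lines, service name and image path below are constructed for the example.
"""
import re

# File hashes of abaf7e2ac8aedf2229f1062d84a4796b.exe as reported above (lower-case).
FILE_HASHES = {
    "abaf7e2ac8aedf2229f1062d84a4796b",                                   # MD5
    "fa7bba090f7be8eb31875691ad1a2e758e0ff7fd",                           # SHA1
    "b438d5185a63d31957c98eb93d9c1f5ca1b90650a248da0bc24fc5550a03eb42",   # SHA256
}
# Extracted Tofsee C2 values from the report.
C2_IPS = {"43.231.4.6"}
C2_DOMAINS = {"lazystax.ru"}

# Assumption for the example: service image paths under these prefixes are treated as
# expected; any other newly installed service is flagged for review. The report does
# not say where this sample's service image path points, so this stays generic.
TRUSTED_IMAGE_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\program files")

_HEX = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_HOST = re.compile(r"\b[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+\b", re.I)
# Shape of a System log event 7045 flattened to one line; the field layout is an assumption.
_SVC = re.compile(r"Service Name:\s*(?P<name>[^,]+),\s*Image Path:\s*(?P<path>.+)$", re.I)


def hash_hits(line):
    """Known-bad file hashes present in the line (case-insensitive)."""
    return sorted({h.lower() for h in _HEX.findall(line) if h.lower() in FILE_HASHES})


def ip_hits(line):
    """C2 IPv4 addresses present in the line (exact token match)."""
    return sorted({ip for ip in _IPV4.findall(line) if ip in C2_IPS})


def domain_hits(line):
    """C2 domains present in the line, including subdomains of them."""
    hits = set()
    for host in _HOST.findall(line):
        host = host.lower().rstrip(".")
        if any(host == d or host.endswith("." + d) for d in C2_DOMAINS):
            hits.add(host)
    return sorted(hits)


def service_hits(line):
    """Return (service name, image path) for a service install outside trusted dirs, else None."""
    m = _SVC.search(line)
    if m is None:
        return None
    path = m.group("path").strip()
    if path.strip('"').lower().startswith(TRUSTED_IMAGE_PREFIXES):
        return None
    return (m.group("name").strip(), path)


def sweep(lines):
    """Run every matcher over each line and return a flat list of findings."""
    findings = []
    for n, line in enumerate(lines, 1):
        for kind, hits in (("hash", hash_hits(line)),
                           ("c2_ip", ip_hits(line)),
                           ("c2_domain", domain_hits(line))):
            findings.extend({"line": n, "kind": kind, "value": h} for h in hits)
        svc = service_hits(line)
        if svc is not None:
            findings.append({"line": n, "kind": "service_install",
                             "value": svc[1], "service": svc[0]})
    return findings


# Constructed sample log lines (not from the report): DNS, proxy, EDR file events and
# two flattened 7045 records, one suspicious and one benign.
SAMPLE_LOGS = [
    "2024-01-07T12:00:01Z dns client=10.0.0.15 query=lazystax.ru type=A",
    "2024-01-07T12:00:02Z proxy client=10.0.0.15 dst=43.231.4.6:443 action=CONNECT",
    "2024-01-07T12:00:03Z edr host=WS01 file=C:\\Users\\alice\\Downloads\\invoice.exe "
    "sha256=B438D5185A63D31957C98EB93D9C1F5CA1B90650A248DA0BC24FC5550A03EB42",
    "2024-01-07T12:00:04Z system EventID=7045 Service Name: updsvc, Image Path: C:\\Windows\\Temp\\updater.exe",
    "2024-01-07T12:00:05Z system EventID=7045 Service Name: Spooler, Image Path: C:\\Windows\\System32\\spoolsv.exe",
    "2024-01-07T12:00:06Z dns client=10.0.0.22 query=www.example.com type=A",
]

if __name__ == "__main__":
    for finding in sweep(SAMPLE_LOGS):
        print(finding)
```

Domain matching covers subdomains so a lookup for `cdn.lazystax.ru` is caught while `notlazystax.ru` is not; hashes are matched as whole hex tokens of the three lengths so a SHA256 is never mistaken for an MD5. Feed the real DNS, proxy and System-log exports in place of `SAMPLE_LOGS` to run the same sweep over an estate.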