General
-
Target
c43d854fcf796987e1c818dbdebdedb7
-
Size
12.7MB
-
Sample
240312-155b1scb8v
-
MD5
c43d854fcf796987e1c818dbdebdedb7
-
SHA1
70c3575704a32be2977029aa4828ff07900a9c17
-
SHA256
3879b860225989ad53a9f72a30004dc820b6a4052c2d3abafb3d898ca75546ea
-
SHA512
57c9337232bb511ba10f2adadccd4dfbbc0a06c9745fb141f59010792b0b963014529907ae8ac2fd8eba22de6b1cab6bbb4452969e87254a875d7f7788ec7e18
-
SSDEEP
49152:Dc67fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffP:Dc6
Static task
static1
Behavioral task
behavioral1
Sample
c43d854fcf796987e1c818dbdebdedb7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c43d854fcf796987e1c818dbdebdedb7.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
tofsee
43.231.4.6
lazystax.ru
Targets
-
-
Target
c43d854fcf796987e1c818dbdebdedb7
-
Size
12.7MB
-
MD5
c43d854fcf796987e1c818dbdebdedb7
-
SHA1
70c3575704a32be2977029aa4828ff07900a9c17
-
SHA256
3879b860225989ad53a9f72a30004dc820b6a4052c2d3abafb3d898ca75546ea
-
SHA512
57c9337232bb511ba10f2adadccd4dfbbc0a06c9745fb141f59010792b0b963014529907ae8ac2fd8eba22de6b1cab6bbb4452969e87254a875d7f7788ec7e18
-
SSDEEP
49152:Dc67fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffP:Dc6
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2