General
-
Target
c457abcb7f14cd3033a741382dd750da
-
Size
11.9MB
-
Sample
240312-25z8qsfe47
-
MD5
c457abcb7f14cd3033a741382dd750da
-
SHA1
4079f54d9a97ff9953810c5d4a1aa05debb19159
-
SHA256
1993bc101701b81d7754cc246f8b09adc4478d51444a95b9abba6001350d2dcf
-
SHA512
613454d23d0e8b717fced50f35ca529b65cae41f7189a43571206cbd299cc917f2ac86ce5a2b34900348a51d61facf9d3e41908a01b4a6b6bb6e53895349a4ca
-
SSDEEP
6144:P0+ogoEtmYSAekxvC0J6xPFNAgbx/ektPses9zWTPGtYtYtYtYtYtYtYtYtYtYtf:Bogo0Pekxvs1F2S/TtmpWr
Static task
static1
Behavioral task
behavioral1
Sample
c457abcb7f14cd3033a741382dd750da.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c457abcb7f14cd3033a741382dd750da.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
tofsee
defeatwax.ru
refabyd.info
Targets
-
-
Target
c457abcb7f14cd3033a741382dd750da
-
Size
11.9MB
-
MD5
c457abcb7f14cd3033a741382dd750da
-
SHA1
4079f54d9a97ff9953810c5d4a1aa05debb19159
-
SHA256
1993bc101701b81d7754cc246f8b09adc4478d51444a95b9abba6001350d2dcf
-
SHA512
613454d23d0e8b717fced50f35ca529b65cae41f7189a43571206cbd299cc917f2ac86ce5a2b34900348a51d61facf9d3e41908a01b4a6b6bb6e53895349a4ca
-
SSDEEP
6144:P0+ogoEtmYSAekxvC0J6xPFNAgbx/ektPses9zWTPGtYtYtYtYtYtYtYtYtYtYtf:Bogo0Pekxvs1F2S/TtmpWr
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2