General
-
Target
c385a5d52248b9dc7e863b4ecabd5413
-
Size
10.8MB
-
Sample
240312-q4g5zscc64
-
MD5
c385a5d52248b9dc7e863b4ecabd5413
-
SHA1
54e6892eb63999cd3c7fa286d72b9f5c18994193
-
SHA256
8f6388694e21aae6ee97c0b8414287ea265def0b0b39737b4449662280d5fe8e
-
SHA512
87c6d9cac46f556d8feba31caf34a58de58e5da7175b13578c2a38f3e3ac756b7b91a6340607d438e57b949c5dee52d206bfd4d0f629cf69e48c62b9a63d85f0
-
SSDEEP
98304:Ajhd888888888888888888888888888888888888888888888888888888888880:A
Static task
static1
Behavioral task
behavioral1
Sample
c385a5d52248b9dc7e863b4ecabd5413.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
c385a5d52248b9dc7e863b4ecabd5413.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
tofsee
176.111.174.19
lazystax.ru
Targets
-
-
Target
c385a5d52248b9dc7e863b4ecabd5413
-
Size
10.8MB
-
MD5
c385a5d52248b9dc7e863b4ecabd5413
-
SHA1
54e6892eb63999cd3c7fa286d72b9f5c18994193
-
SHA256
8f6388694e21aae6ee97c0b8414287ea265def0b0b39737b4449662280d5fe8e
-
SHA512
87c6d9cac46f556d8feba31caf34a58de58e5da7175b13578c2a38f3e3ac756b7b91a6340607d438e57b949c5dee52d206bfd4d0f629cf69e48c62b9a63d85f0
-
SSDEEP
98304:Ajhd888888888888888888888888888888888888888888888888888888888880:A
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2