General
-
Target
c6688c75d02f8d5f5674b178401b4394
-
Size
12.6MB
-
Sample
240313-vhzkcscb73
-
MD5
c6688c75d02f8d5f5674b178401b4394
-
SHA1
fbeb9c5f569e69cdf3821a2c044dbb0034a3bf07
-
SHA256
499b636c7dd9cae198d84e67938f37128f745afa5dee546e92111feb9e279ea7
-
SHA512
246a0078f2519e9201b6578b3077a692178a9fc53136d2a096ca72b1a5202b378faf71716bb668e45b786366be09db9db0437e5ec9996192d059ba08bcd37636
-
SSDEEP
98304:UNWUlllllllllllllllllllllllllllllllllllllllllllllllllllllllllll3:CW
Static task
static1
Behavioral task
behavioral1
Sample
c6688c75d02f8d5f5674b178401b4394.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c6688c75d02f8d5f5674b178401b4394.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
c6688c75d02f8d5f5674b178401b4394
-
Size
12.6MB
-
MD5
c6688c75d02f8d5f5674b178401b4394
-
SHA1
fbeb9c5f569e69cdf3821a2c044dbb0034a3bf07
-
SHA256
499b636c7dd9cae198d84e67938f37128f745afa5dee546e92111feb9e279ea7
-
SHA512
246a0078f2519e9201b6578b3077a692178a9fc53136d2a096ca72b1a5202b378faf71716bb668e45b786366be09db9db0437e5ec9996192d059ba08bcd37636
-
SSDEEP
98304:UNWUlllllllllllllllllllllllllllllllllllllllllllllllllllllllllll3:CW
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2