General
Target: c695e613344c4f66430e5bb19265410c
Size: 14.6MB
Sample: 240313-w7cbssed44
MD5: c695e613344c4f66430e5bb19265410c
SHA1: 2005b6d3d59947eb22b0b5a96214f157d85f00be
SHA256: 31addd4050bbbe12a5ecaf05d183ecb720f3775da9530e0e7d596fb4ba51855f
SHA512: 1072fec5fd5f3d47e79e64309beb76421eb49ca084097361137664e7c88d4a8fe36320cfe59ad190ef6b0ecbcdd7a49443f5d8ddd42dce796eab8b344a91a933
SSDEEP: 98304:gNWUlllllllllllllllllllllllllllllllllllllllllllllllllllllllllllL:WW
Static task: static1
Behavioral task: behavioral1
  Sample: c695e613344c4f66430e5bb19265410c.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: c695e613344c4f66430e5bb19265410c.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: tofsee
  43.231.4.7
  lazystax.ru
Targets
Target: c695e613344c4f66430e5bb19265410c
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)