General

Target: e0f97ed6e648c36da3679f4d7a3491ec
Size: 13.3MB
Sample: 240327-g376caed88
MD5: e0f97ed6e648c36da3679f4d7a3491ec
SHA1: e506bcefa0583fcb1e3d47db07557c3b0645fd89
SHA256: fffbb45151fe91ae3e85d1df39e46cd8130479779dee645e9365049356f15e95
SHA512: 095330021e3c90c47a9ce3dd8642bc046fafeb6247bb60ade6af7fe57d27a5c5e1505a5e4516f21226d7d98c90c28b91bc5cc3c5a90f18200a2085c1276655bf
SSDEEP: 98304:311111111111111111111111111111111111111111111111111111111111111/:
Static task: static1
Behavioral task: behavioral1 (sample e0f97ed6e648c36da3679f4d7a3491ec.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample e0f97ed6e648c36da3679f4d7a3491ec.exe, resource win10v2004-20240226-en)
Malware Config

Extracted family: tofsee
C2: 43.231.4.7, lazystax.ru
Targets

Target: e0f97ed6e648c36da3679f4d7a3491ec
Size: 13.3MB
Score: 10/10

Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry (writes the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<name>, so the dropped binary is started by the Service Control Manager)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext (a primitive used for process hollowing and thread hijacking, i.e. running code inside another process)
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2

Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2
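Detection logic for the behaviour chain and ATT&CK techniques listed above, as an added example that is not part of the sandbox report or of any vendor tooling: a small rule set run over constructed Sysmon-style events (event IDs 1, 3, 13, 22) and a System-log 7045 service-install event. The SHA256 and the two network indicators are the report's; the service name examplesvc, the drop path under C:\Windows\Temp, the netsh command line and the list of "user-writable" roots are assumptions made for the example, and the geofence and self-deletion behaviours are not modelled. The verdict deliberately requires both a persistence or firewall change and an attribution signal (known hash or C2 traffic), so a lone netsh invocation by an administrator does not alert.

```python
"""Detection logic for the reported Tofsee behaviour chain, run over
constructed Sysmon-style events. Added example; not from the sandbox report."""
import re

# Indicators taken from the report.
SAMPLE_SHA256 = "fffbb45151fe91ae3e85d1df39e46cd8130479779dee645e9365049356f15e95"
C2_INDICATORS = {"43.231.4.7", "lazystax.ru"}

# Assumption for this example: a service binary under one of these roots is suspicious.
USER_WRITABLE = re.compile(
    r"^(?:[a-z]:\\users\\|[a-z]:\\windows\\temp\\|[a-z]:\\programdata\\)", re.I)
# Sysmon EID 13 TargetObject for a service ImagePath write; group(1) is the service name.
SERVICES_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d+)\\Services\\([^\\]+)\\ImagePath$", re.I)
FIREWALL_POLICY = re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
NETSH_FIREWALL = re.compile(r"\bnetsh(?:\.exe)?\b.*\b(?:advfirewall|firewall)\b", re.I)


def executable_from_image_path(raw):
    """Reduce an ImagePath value to the executable path (surrounding quotes and arguments dropped)."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end > 0 else raw[1:]
    return raw.split(" ", 1)[0]


def evaluate(event):
    """Return the finding labels a single event triggers (empty list if nothing matched)."""
    eid = event.get("event_id")
    findings = []
    if eid == 1:  # Sysmon: process creation
        if SAMPLE_SHA256 in event.get("hashes", "").lower():
            findings.append("known_tofsee_sample_executed")
        if NETSH_FIREWALL.search(event.get("command_line", "")):
            findings.append("firewall_modified_via_netsh")
    elif eid == 13:  # Sysmon: registry value set
        target = event.get("target_object", "")
        m = SERVICES_IMAGEPATH.match(target)
        if m and USER_WRITABLE.match(executable_from_image_path(event.get("details", ""))):
            findings.append(f"service_imagepath_in_user_writable_dir:{m.group(1)}")
        if FIREWALL_POLICY.search(target):
            findings.append("firewall_policy_registry_write")
    elif eid == 22:  # Sysmon: DNS query
        name = event.get("query_name", "").lower()
        if name in C2_INDICATORS:
            findings.append(f"dns_to_tofsee_c2:{name}")
    elif eid == 3:  # Sysmon: network connection
        ip = event.get("destination_ip", "")
        if ip in C2_INDICATORS:
            findings.append(f"connection_to_tofsee_c2:{ip}")
    elif eid == 7045:  # System log: a service was installed
        exe = executable_from_image_path(event.get("image_path", ""))
        if USER_WRITABLE.match(exe):
            findings.append(f"service_installed_from_user_writable_dir:{event.get('service_name', '')}")
    return findings


def triage(events):
    """Scan one host's events. The verdict needs a persistence/firewall tamper finding
    AND an attribution finding (known hash or C2 contact) so a lone netsh call does not alert."""
    hits = [(ev.get("record_id"), f) for ev in events for f in evaluate(ev)]
    cats = {f.split(":")[0] for _, f in hits}
    tamper = {"service_imagepath_in_user_writable_dir", "service_installed_from_user_writable_dir",
              "firewall_modified_via_netsh", "firewall_policy_registry_write"}
    attribution = {"known_tofsee_sample_executed", "dns_to_tofsee_c2", "connection_to_tofsee_c2"}
    verdict = "suspected_tofsee" if (cats & tamper and cats & attribution) else "no_chain"
    return {"hits": hits, "verdict": verdict}


# Constructed sample telemetry (not real logs). Service name, drop path, port and
# command line are assumptions; only the hash and network indicators come from the report.
SAMPLE_EVENTS = [
    {"record_id": 1, "event_id": 1,
     "image": r"C:\Users\victim\Downloads\e0f97ed6e648c36da3679f4d7a3491ec.exe",
     "command_line": r"C:\Users\victim\Downloads\e0f97ed6e648c36da3679f4d7a3491ec.exe",
     "hashes": "SHA256=FFFBB45151FE91AE3E85D1DF39E46CD8130479779DEE645E9365049356F15E95"},
    {"record_id": 2, "event_id": 13,
     "target_object": r"HKLM\System\CurrentControlSet\Services\examplesvc\ImagePath",
     "details": r'"C:\Windows\Temp\examplesvc.exe" -k'},
    {"record_id": 3, "event_id": 1, "image": r"C:\Windows\System32\netsh.exe",
     "command_line": r'netsh advfirewall firewall add rule name="examplesvc" dir=in action=allow '
                     r'program="C:\Windows\Temp\examplesvc.exe"'},
    {"record_id": 4, "event_id": 22, "query_name": "lazystax.ru"},
    {"record_id": 5, "event_id": 3, "destination_ip": "43.231.4.7", "destination_port": 443},
    {"record_id": 6, "event_id": 13,  # benign: a built-in service under System32
     "target_object": r"HKLM\System\CurrentControlSet\Services\Spooler\ImagePath",
     "details": r"C:\Windows\System32\spoolsv.exe"},
    {"record_id": 7, "event_id": 22, "query_name": "www.microsoft.com"},
]

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for record_id, finding in result["hits"]:
        print(f"record {record_id}: {finding}")
    print("verdict:", result["verdict"])
```

Sysmon records ControlSet001 writes as CurrentControlSet, which is why the regex accepts both; if your telemetry comes from a different sensor, check how it spells the hive root before relying on the ImagePath rule.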