General
- Target: e10ffbe71bdc15144ad89672cebb1bf3
- Size: 10.6MB
- Sample: 240327-hteywaaa6x
- MD5: e10ffbe71bdc15144ad89672cebb1bf3
- SHA1: 4e6201d65209e419a4370f0acaa840ec52819dee
- SHA256: 6639002556711a082dae6122ae5ea47e23b19cfd8364f79882ae09a9d435565d
- SHA512: 60a60e077c863359b7fd2b5de7cd3977605ab4ab7f50525d277cd7a5e72a9dc69d717537ef6d5814b2cb8d6da26f87e2b5fdfa398cc6bbf7a86b974dac6c9f3d
- SSDEEP: 49152:Qc67ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff:Qc6
Static task
- static1
Behavioral task
- behavioral1
  Sample: e10ffbe71bdc15144ad89672cebb1bf3.exe
  Resource: win7-20240319-en
Behavioral task
- behavioral2
  Sample: e10ffbe71bdc15144ad89672cebb1bf3.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
- tofsee
- 43.231.4.6
- lazystax.ru
Targets
- Target: e10ffbe71bdc15144ad89672cebb1bf3
- Size: 10.6MB
- MD5: e10ffbe71bdc15144ad89672cebb1bf3
- SHA1: 4e6201d65209e419a4370f0acaa840ec52819dee
- SHA256: 6639002556711a082dae6122ae5ea47e23b19cfd8364f79882ae09a9d435565d
- SHA512: 60a60e077c863359b7fd2b5de7cd3977605ab4ab7f50525d277cd7a5e72a9dc69d717537ef6d5814b2cb8d6da26f87e2b5fdfa398cc6bbf7a86b974dac6c9f3d
- SSDEEP: 49152:Qc67ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff:Qc6
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)