General
-
Target
e13dccc93268b6ecfa5ec147bc81de7e
-
Size
10.1MB
-
Sample
240327-khk2vsge34
-
MD5
e13dccc93268b6ecfa5ec147bc81de7e
-
SHA1
af120c84e56bcc74a3b93be96f76cc40804ca701
-
SHA256
bab713fc344881c8e7a7b30a23b43fc8a2b0d21039b36c1691874d35a30dc24d
-
SHA512
c26a7b4f05fe681d39be48c35d65a6956aa4b4a47e4ce03cb40da7de3726ab00bf66bcfc0b7996c86dfd1c99fb1b90ebb1f8f04d3cd83ec54b0e80a569aaf69f
-
SSDEEP
49152:31yvllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll:3A
Static task
static1
Behavioral task
behavioral1
Sample
e13dccc93268b6ecfa5ec147bc81de7e.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e13dccc93268b6ecfa5ec147bc81de7e.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
e13dccc93268b6ecfa5ec147bc81de7e
-
Size
10.1MB
-
MD5
e13dccc93268b6ecfa5ec147bc81de7e
-
SHA1
af120c84e56bcc74a3b93be96f76cc40804ca701
-
SHA256
bab713fc344881c8e7a7b30a23b43fc8a2b0d21039b36c1691874d35a30dc24d
-
SHA512
c26a7b4f05fe681d39be48c35d65a6956aa4b4a47e4ce03cb40da7de3726ab00bf66bcfc0b7996c86dfd1c99fb1b90ebb1f8f04d3cd83ec54b0e80a569aaf69f
-
SSDEEP
49152:31yvllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll:3A
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2