General
-
Target
e2353ed9c7720f67e8b87c586bc44c90
-
Size
12.0MB
-
Sample
240327-v32v8ahb32
-
MD5
e2353ed9c7720f67e8b87c586bc44c90
-
SHA1
4ffae8ea0b829e27a72122268701dea2ade892d7
-
SHA256
fe89666f6b4946494f28334fd92fb7a0b2d76f8da171cafa2a2d90d4b418ad19
-
SHA512
926bc376d45888a4a13a839b03aa72a18b7ce481e9986b963242e562ecbc5d76d8c34d9eb29fe7755549e133e6252b2d724add4dcec28f386d27153365567b09
-
SSDEEP
98304:zjhd88888888888888888888888888888888888888888888888888888888888c:z
Static task
static1
Behavioral task
behavioral1
Sample
e2353ed9c7720f67e8b87c586bc44c90.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e2353ed9c7720f67e8b87c586bc44c90.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
tofsee
176.111.174.19
lazystax.ru
Targets
-
-
Target
e2353ed9c7720f67e8b87c586bc44c90
-
Size
12.0MB
-
MD5
e2353ed9c7720f67e8b87c586bc44c90
-
SHA1
4ffae8ea0b829e27a72122268701dea2ade892d7
-
SHA256
fe89666f6b4946494f28334fd92fb7a0b2d76f8da171cafa2a2d90d4b418ad19
-
SHA512
926bc376d45888a4a13a839b03aa72a18b7ce481e9986b963242e562ecbc5d76d8c34d9eb29fe7755549e133e6252b2d724add4dcec28f386d27153365567b09
-
SSDEEP
98304:zjhd88888888888888888888888888888888888888888888888888888888888c:z
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2