General

Target: 23922e5ee3a9ff743df4b5f29cb099c6e7ab41d64ffb4123b8a8fde439f5b012
Size: 12.1MB
Sample: 240511-j8m4gage3w
MD5: db1af63eff5afab4bede9ffd3886b91a
SHA1: 5030c06972023757b7d001fa12b02aadc07c3054
SHA256: 23922e5ee3a9ff743df4b5f29cb099c6e7ab41d64ffb4123b8a8fde439f5b012
SHA512: 97632ddd6e8efa10bfc648500fe39ac4f9650fc512a763b86a454a03c8512450dfef0156b925ee30ea30e5b617ac13810e3d8c90f4accfc9ccf9b9a99d88a62c
SSDEEP: 196608:WT66666666666666666666666666666666666666666666666666666666666662:W

The long run of identical characters in the ssdeep signature means most of the 12.1MB file hashes to the same chunk, i.e. the binary is padded with repeated content; the 12.1MB size says little about the actual payload. Use the SHA256 for matching; the MD5 and SHA1 are listed only because many feeds still publish them.
Tasks

Static task: static1
Behavioral task: behavioral1, sample 23922e5ee3a9ff743df4b5f29cb099c6e7ab41d64ffb4123b8a8fde439f5b012.exe, resource win7-20240508-en
Behavioral task: behavioral2, sample 23922e5ee3a9ff743df4b5f29cb099c6e7ab41d64ffb4123b8a8fde439f5b012.exe, resource win10v2004-20240426-en
Malware Config

Extracted family: tofsee
Domains from the extracted config: defeatwax.ru, refabyd.info
Targets

Target: 23922e5ee3a9ff743df4b5f29cb099c6e7ab41d64ffb4123b8a8fde439f5b012
Score: 10/10

Signatures
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
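The signatures above name behaviours, not the logic that finds them. The following Python is an added example (the editor's, not part of the Triage report or its detection rules): it checks file digests against the hashes listed on this page and runs simple heuristics that mirror the signature names over constructed Windows System log 7045 and Sysmon event 1/13/22 records. The records, the service name `svchelper`, the paths and the command lines are constructed assumptions, not data captured from this sample.

```python
"""Added example: IoC matching and behaviour triage for the sample above.

Not part of the Triage report. The event records below are constructed to
look like Windows System log 7045 and Sysmon 1/13/22 entries; the service
name, paths and command lines are assumptions, not data from this sample.
"""
import hashlib
import re

# Digests and extracted-config domains copied from the report.
IOC_HASHES = {
    "md5": "db1af63eff5afab4bede9ffd3886b91a",
    "sha1": "5030c06972023757b7d001fa12b02aadc07c3054",
    "sha256": "23922e5ee3a9ff743df4b5f29cb099c6e7ab41d64ffb4123b8a8fde439f5b012",
}
IOC_DOMAINS = {"defeatwax.ru", "refabyd.info"}

# Service binaries normally live under these directories (lower-case prefixes).
TRUSTED_SERVICE_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def hash_bytes(data: bytes) -> dict:
    """Digest file contents with the three algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_ioc(hashes: dict) -> bool:
    """True if any digest equals the sample's. SHA256 is the one to trust;
    MD5 and SHA1 are kept only because many feeds still publish them."""
    return any(hashes.get(algo) == digest for algo, digest in IOC_HASHES.items())


def untrusted_service_path(image_path: str) -> bool:
    """Service ImagePath outside the usual system directories."""
    return not image_path.lower().lstrip('"').startswith(TRUSTED_SERVICE_DIRS)


def triage(events: list) -> dict:
    """Map log events onto the report's signature names.

    Returns {signature: [evidence, ...]}. The heuristics are the editor's,
    written to mirror the signature names, not Triage's own detection rules.
    """
    hits = {}

    def add(signature, evidence):
        hits.setdefault(signature, []).append(evidence)

    for ev in events:
        eid = ev["event_id"]
        cmd = ev.get("command_line", "")
        if eid == 7045:  # System log: a service was installed
            add("Creates new service(s)", f"{ev['service_name']} -> {ev['image_path']}")
            if untrusted_service_path(ev["image_path"]):
                add("Sets service image path in registry", ev["image_path"])
        elif eid == 13 and re.search(r"\\services\\[^\\]+\\imagepath$", ev["target_object"], re.I):
            add("Sets service image path in registry", ev["details"])  # Sysmon: registry value set
        elif eid == 1:  # Sysmon: process creation
            if re.search(r"netsh(\.exe)?\s+(advfirewall|firewall)\b", cmd, re.I):
                add("Modifies Windows Firewall", cmd)
            parent = ev.get("parent_image", "").lower()
            if parent and parent in cmd.lower() and re.search(r"cmd(\.exe)?\s+/c\s+.*\bdel\b", cmd, re.I):
                add("Deletes itself", cmd)  # a child cmd.exe deleting its parent's binary
        elif eid == 22 and ev["query_name"].lower() in IOC_DOMAINS:  # Sysmon: DNS query
            add("Contacts extracted Tofsee domain", ev["query_name"])
    return hits


# Constructed records (assumptions): one per behaviour plus one benign service.
CONSTRUCTED_EVENTS = [
    {"event_id": 7045, "service_name": "svchelper", "image_path": "C:\\Windows\\Temp\\svchelper.exe"},
    {"event_id": 13, "target_object": "HKLM\\System\\CurrentControlSet\\Services\\svchelper\\ImagePath",
     "details": "C:\\Windows\\Temp\\svchelper.exe"},
    {"event_id": 1, "image": "C:\\Windows\\System32\\netsh.exe",
     "command_line": 'netsh advfirewall firewall add rule name=svchelper dir=in action=allow program="C:\\Windows\\Temp\\svchelper.exe"'},
    {"event_id": 1, "image": "C:\\Windows\\System32\\cmd.exe", "parent_image": "C:\\Users\\user\\Desktop\\sample.exe",
     "command_line": 'cmd.exe /c del /f "C:\\Users\\user\\Desktop\\sample.exe"'},
    {"event_id": 22, "query_name": "defeatwax.ru"},
    {"event_id": 7045, "service_name": "WSearch", "image_path": "C:\\Windows\\System32\\SearchIndexer.exe /Embedding"},
]

if __name__ == "__main__":
    for signature, evidence in triage(CONSTRUCTED_EVENTS).items():
        print(signature, evidence)
```

Two of the signatures have no counterpart here on purpose: the geofence check is a registry read, which Sysmon does not record, and SetThreadContext is an API call that only sandbox hooking or an EDR with API telemetry will see. Those are the behaviours a log-based hunt will miss, so lean on the service, firewall and DNS evidence instead.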
MITRE ATT&CK Enterprise v15 (the number after each technique is how many signatures map to it)

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2

Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2