General
- Target: b8332866db45bf85ed517c599eaafe54.zip
- Size: 167KB
- Sample: 240901-t6x6rswcrq
- MD5: 340dc1520913fd67a090b1d681dfe4a1
- SHA1: d743b4e97e4aba9f3975cd0508566a1d7720455f
- SHA256: 6b6a8ff2f3276c603a55155cc67b5cd98c6d04b16c422201d8e0c77c411c6f63
- SHA512: 8d66114382efee3354eab03b35dc0e0dacd65d3566beb9ee7c7e0ab717908b5e151ba801dbf950d5e2b36fa18f153710d0efe5391db4bd2277e35b5a1932c258
- SSDEEP: 3072:7P2FSIb/Ai3ZvkKEsqtICoEcriJ6aOKcDSUlN/JK3g5dspdZaNgp+XIZ:nITAi9eICyrxz7lNE7dSgp+XM
Static task: static1
Behavioral task: behavioral1
  Sample: f365d1d600ccc20bde31b7db1fd7a815b73087c9e46676e0d398289af7b7bb71.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: f365d1d600ccc20bde31b7db1fd7a815b73087c9e46676e0d398289af7b7bb71.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted:
  tofsee
  defeatwax.ru
  refabyd.info
Targets
- Target: f365d1d600ccc20bde31b7db1fd7a815b73087c9e46676e0d398289af7b7bb71
- Size: 11.7MB
- MD5: b8332866db45bf85ed517c599eaafe54
- SHA1: f86726a6a85f613e15066a7ad77cef942e3c9d28
- SHA256: f365d1d600ccc20bde31b7db1fd7a815b73087c9e46676e0d398289af7b7bb71
- SHA512: b95ac93c7487fada804562e98f8e5db4902ab3195236c71cfa171732071d4601ce479b6eed519f61a0724a47d6cda7f9d397285c265b2c9bfb7d143ba8ef1425
- SSDEEP: 3072:qoiqjV0QCeV75zMwb2EfDXTBrt0c5f+Z7ApWt+0krytpObPUfAGM4H1M4CjiJNx4:qoiqjWHeV9zthDjBrmA+VkDbSAgQiTx
Signatures
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)