General
- Target: 17d263eaaf2f1373b41cb0c3ff9aa26f.zip
- Size: 180KB
- Sample: 240903-j4ayca1hpk
- MD5: 7260d1c3ead6f077a20309a14d998fe8
- SHA1: af98c6a49aec25177f191f7ed7e51a9ece3fb438
- SHA256: ba3ef7babf3b82246dc4dc48f1eeb989900db9021618a3ef86b6d2dfc2436c72
- SHA512: af77a7f91870b122166dd71dc190e3b697eb03ad8da5ff2fd9c54a1d4bfbb7aeae0a77c515eb4a45d822e951d1c19224f8ea9dda5cd922ef77480264be125c80
- SSDEEP: 3072:0ggg/GVE8q2U8GwaUZgk05ylRTkdP6exMVmyH++gBywCGriWrpWVg:0jgmHR0wJghU9kd6Bwye+6y/Gr7b
Static task
- static1

Behavioral task
- behavioral1
- Sample: d66f7617e71ecb9018ac3b943fec478f558413433d3219031af14dcaa590ea76.exe
- Resource: win7-20240903-en

Behavioral task
- behavioral2
- Sample: d66f7617e71ecb9018ac3b943fec478f558413433d3219031af14dcaa590ea76.exe
- Resource: win10v2004-20240802-en
Malware Config
- Extracted: tofsee
- quadoil.ru
- lakeflex.ru
Targets
- Target: d66f7617e71ecb9018ac3b943fec478f558413433d3219031af14dcaa590ea76
- Size: 12.9MB
- MD5: 17d263eaaf2f1373b41cb0c3ff9aa26f
- SHA1: 11711ac0749600ae84192fc38141b205b7388399
- SHA256: d66f7617e71ecb9018ac3b943fec478f558413433d3219031af14dcaa590ea76
- SHA512: 8f0b335a3172dc0e1d9eef54ef3f7c968d8dc9d2fba5d4931e47fd43346ff29a9b457cc40d161e1c5100d691817c0f6e8400a75fdbf62a90c00ebf439f219df3
- SSDEEP: 49152:8P1IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIf:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
- Windows Service (2)
- Event Triggered Execution (1)
- Netsh Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
- Windows Service (2)
- Event Triggered Execution (1)
- Netsh Helper DLL (1)

Defense Evasion
- Impair Defenses (2)
- Disable or Modify System Firewall (1)
- Disable or Modify Tools (1)
- Modify Registry (2)