General
-
Target
d3bba24a43c02f7e90c13981e0fba6551e414159ab5a8f066cf44803177a5cce
-
Size
166KB
-
Sample
240903-l5f7vsvdpc
-
MD5
9891680e4a54746ff41a3a6f86cb1d29
-
SHA1
bb1c2be3030ff0cdeadf327fcbd6ffd5b77a7db9
-
SHA256
d3bba24a43c02f7e90c13981e0fba6551e414159ab5a8f066cf44803177a5cce
-
SHA512
275ade6e970aadcff91996ab72390f83714a5312210336e68abb2b923a569b0c9649c3505ecd4d739cf85074e2f299e55cd457489c4f6aaf4095c229e4187ebc
-
SSDEEP
3072:dt01ypeVMa6JiuB3wprjG50lVS/BmwDgiuF8XbDEh0olLydO2eFAS9bfJ0zl/z:auiuB3SHG5uyswUGOXtdFASV6z9z
Static task
static1
Behavioral task
behavioral1
Sample
78ffb37d0d83a6cab5ffda39feca2226b7313e14cf2591742a713cbbf4346ef5.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
78ffb37d0d83a6cab5ffda39feca2226b7313e14cf2591742a713cbbf4346ef5.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
tofsee
defeatwax.ru
refabyd.info
Targets
-
-
Target
78ffb37d0d83a6cab5ffda39feca2226b7313e14cf2591742a713cbbf4346ef5
-
Size
11.3MB
-
MD5
e465df146e4a00ed2e4a0d941003a13c
-
SHA1
451f1f0877d638646261a730de87929f01debf68
-
SHA256
78ffb37d0d83a6cab5ffda39feca2226b7313e14cf2591742a713cbbf4346ef5
-
SHA512
39151020dc52e537ae0333a2a317f70406f9da72fb9013fd49358cb71a39fabc5c267e0fb19d2e28dc2fa221b218857b9dc03320f64b03e99fb31a615cc06983
-
SSDEEP
3072:NoiqjV0QCeV75zMwb2EfDXTBrt0c5f+Z7ApWt+0krytpObPUfAGM4H1M4CjiJNx4:NoiqjWHeV9zthDjBrmA+VkDbSAgQiTx
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
2