General
-
Target
1f42bf2a852fd21496792e9b4ba3ae402d37fae618f6d11f7c7b712924fa6dad
-
Size
177KB
-
Sample
220604-a3t56abhb6
-
MD5
5bc0f9be0a242492d015a44542d8dde3
-
SHA1
1bcb397e94a35522dc1b9f21ba108dfa0d05fe21
-
SHA256
1f42bf2a852fd21496792e9b4ba3ae402d37fae618f6d11f7c7b712924fa6dad
-
SHA512
d7f4e27252c34ce37b2c6b03ef78c52c146b32d3376675c0b7b4fa66649deb6f28d8fbc6d8316503f0432c0f5c309298bf55a8edc3ae032ae449c2dd721799a0
Static task
static1
Behavioral task
behavioral1
Sample
1f42bf2a852fd21496792e9b4ba3ae402d37fae618f6d11f7c7b712924fa6dad.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target
1f42bf2a852fd21496792e9b4ba3ae402d37fae618f6d11f7c7b712924fa6dad
Score
10/10
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-