General
-
Target
ceb360ed69a57156c767489d2f39a3b1028e65c13895a7e1594d4f5f054a89b8
-
Size
309KB
-
Sample
220620-kb15hadge4
-
MD5
2aebc54d7b396da27fd16ec29086e95c
-
SHA1
ac920d32eb475b31c9a304a372b172a1a8d8f8d2
-
SHA256
ceb360ed69a57156c767489d2f39a3b1028e65c13895a7e1594d4f5f054a89b8
-
SHA512
f521ce16ee2541301f5f7bfafdf80d5ae4f832e5df5b5ba16ae9a5c638b22af3a86ad8c47f804b1db05c772b395dd7b304fc19916bb940751f42281f929065c1
Static task
static1
Behavioral task
behavioral1
Sample
ceb360ed69a57156c767489d2f39a3b1028e65c13895a7e1594d4f5f054a89b8.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
ceb360ed69a57156c767489d2f39a3b1028e65c13895a7e1594d4f5f054a89b8
-
Size
309KB
-
MD5
2aebc54d7b396da27fd16ec29086e95c
-
SHA1
ac920d32eb475b31c9a304a372b172a1a8d8f8d2
-
SHA256
ceb360ed69a57156c767489d2f39a3b1028e65c13895a7e1594d4f5f054a89b8
-
SHA512
f521ce16ee2541301f5f7bfafdf80d5ae4f832e5df5b5ba16ae9a5c638b22af3a86ad8c47f804b1db05c772b395dd7b304fc19916bb940751f42281f929065c1
Score10/10-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-