General
-
Target
ddeaca50e21813ebb8ee743cca315e0f1d7a05900d4369b652f68f5baeaa6f38
-
Size
167KB
-
Sample
221125-16rgjsdg8v
-
MD5
068af12a4fde5998014522a0e8eaeb06
-
SHA1
e51abb1d6ef5a889b398a670c60f20cec46f7f95
-
SHA256
ddeaca50e21813ebb8ee743cca315e0f1d7a05900d4369b652f68f5baeaa6f38
-
SHA512
9b931733b2b6a478d639aa5cca89e36fe37d3a225277e985ae845a8362bd14186e59f879435ecd3a975010df752c9e8e9c8cedf62a760c87246383e22bdad71c
-
SSDEEP
3072:zBl9IavvucboHS5J1VQErTHNXrDDJkbV5vw:h/HLboi/QEPVDlkB
Static task
static1
Behavioral task
behavioral1
Sample
ddeaca50e21813ebb8ee743cca315e0f1d7a05900d4369b652f68f5baeaa6f38.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
ddeaca50e21813ebb8ee743cca315e0f1d7a05900d4369b652f68f5baeaa6f38
Score
10/10
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-