General
Target: file.exe
Size: 147KB
Sample: 221126-e3netsfc3s
MD5: 1eb05ec5bc5982ebc88aa1ad6b69fb46
SHA1: fcfc2f0c0f5cc446961959165b6dc01b29b23701
SHA256: c841cb96a9a0648f1d9df6b16c244bc1e80aca79eebd77e733c2c33ddcef5e1a
SHA512: c591a73be6073da3ee9a2f80336ba386c31c9f5f08332d5b8a6ec959bb8a6cc929dae51309832c648af44c69e712082f930e11ae3324a528bcfe5ff1265bb9f6
SSDEEP: 3072:fkJxzH6d2wC065TLWslukoo1Cl7U8onB:f4i2wklukooS7U8
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: file.exe
Score: 10/10
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Suspicious use of SetThreadContext