General
-
Target
file.exe
-
Size
147KB
-
Sample
221126-j29znaha8v
-
MD5
4eb62a4c6ef0b767b031754502a53d39
-
SHA1
1031001a9972fadf5308ade23eaa3010a168c256
-
SHA256
e8ee109e27398ee0a3db27958f243924c1bba9523919c375a49e606acc53cc54
-
SHA512
d5765daac7a19123e203e0f7e90c2ed43e6aebb1246c5516b7141f526a007a3d06310e278ebf2e0dece2e0a0446a602fea22a537d4caa6f79aa2625e23859047
-
SSDEEP
3072:YrEIFtEGVCjl65U0o000FBUFfmEeVdvw46LkxC:HZGVy0o000FBUYnvwL
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
file.exe
Score
10/10
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-