General
-
Target
file.exe
-
Size
276KB
-
Sample
221202-g1hgxaah77
-
MD5
68d3b1e67263b0d65c81e9738924c21d
-
SHA1
29ef6a67c445c7ba49c4206bfac2da03a9d8ac1b
-
SHA256
1fb5e05e383ce3b2950d93894f802b730a867f688d6af5d80f404956117d3e89
-
SHA512
1acdb17454cf8333b8d92d2263ba58f5fd079dd37a35df3b19ae51b6891fd9b23421fdf4a0347862d37dcf49343e7603486fb7509c6764f7bf5a5235935b7746
-
SSDEEP
3072:siRc48qyPDiLo4YXMtq5qsDm6JPWXylDBKJ+0h5h0jKPcWJME9hIh3eGjMgG1aoK:KFbiLxYXMnkXAXG4XQK0WJuRjMgU
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
Target
file.exe
-
Score
10/10
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-