General
Target: file.exe
Size: 276KB
Sample: 221202-h5jq7sec55
MD5: 010f80610ed8b65773d1a85863c4df30
SHA1: ef9746a7ecc34f0cfd22fec39a4d8b24674abfed
SHA256: b88b9ed4918755d2ee5d4e8ec49915b6b0991cff51fd6d65f75e02757af71d10
SHA512: fc62a6875922e8aa069618baf4c0dd608440b8b6e79c91016d37a094472983f98e4f62dce2aff9334bd5ab7c58408b9e280ab2bb4e1067f3166a144c9c8359d0
SSDEEP: 3072:NQge8WCBrrL4v8CVtq5qDGyKdhpHqPmgTDrtQYaVi5MXYhIh3eGjMgG1ao5Lk:NV/Lq8CVnD4h9qPmgTHqpQVuRjMgU
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20220901-en)
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: file.exe (276KB; hashes identical to those listed under General above)
Score: 10/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext