General
Target: file.exe
Size: 276KB
Sample: 221202-j96xzahg63
MD5: 04c62424433988aed6944dc558855824
SHA1: cb6c87d5dc521549084a92e26330340f56086f24
SHA256: 514e2b4d0bdd3e933197edebb76699bf006f4b4f410e7adc491d73738c71151f
SHA512: c69cbbaa911f951b984927a9d772f043b47f157e512ffdc19d585de49af99a8a5b56944e1b34ad92906c297176909c86c9baf8a34057fe11669dcb2c344cebff
SSDEEP: 3072:qJq486qfLrfPDC1tq5q6rxBWRmk821kjOzSGyCAIMuJcbP2BcWtV0ofAfpBtShIJ:R1fLbDC1nUFBOz7cgvVSpKuRjMgU
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: file.exe
Score: 10/10
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Suspicious use of SetThreadContext