General
Target: file.exe
Size: 277KB
Sample: 221202-jwksksgf87
MD5: c6d415401f056c763ed6f1cefe3076ff
SHA1: abbb11a5864fff00cc3146c32004571dbd852cc1
SHA256: 54ef0321778d07db74c4f406549fe0ec1bd8bb928afa93eb74a547b1e76e4c27
SHA512: 126ec28005065c7b8c363c1d1b228ce620440a6d712965945520bc312ee72a9e7cf3f6590c9da221135a881ebe0a43e9dcf6ea1debbb3a24448d3ce295b8c0d6
SSDEEP: 6144:k2tLrHGAnNTpmp5kIm0HUvuwDCmgnSuiHuRjMgU:kEHHLNTpmpiIJ02jNRQg
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target
file.exe
Score: 10/10
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Suspicious use of SetThreadContext