General
Target: file.exe
Size: 350KB
Sample: 221202-kz22psfc8s
MD5: 38e3f0f985ad66154c83f39a43c7b499
SHA1: c2082df23b60440e5e5661feab6001183c79c299
SHA256: 12c8a5d0074b51c3d799ef722a7d97e7e1490529064759ef5932e0e76f28bf7e
SHA512: c955c141ca47679985da8cce632d0bcc6572956d5a19918061afc64067acda98f180385837c302e0e76e0386a06db085175131ee52569a3fb324becf795a19ce
SSDEEP: 6144:G3gLadmInlyjX3m3iCww4ek4NYpIlIwassuYQuRjMgU:Gw2dHcjX3m3iC9SEYpIlHaBpdRQg
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: file.exe
Score: 10/10
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Suspicious use of SetThreadContext