General
Target: file.exe
Size: 349KB
Sample: 221202-l5nxpsfe47
MD5: f085b97a4a86e373cfee621309149f70
SHA1: ea6c5f117b22fdbc40c80292eca1be2b2e03c27a
SHA256: d289352c7a93aa0c2405c0f8b81162937680262984b90d27b018ba7096952219
SHA512: 7436bbe8b50fe75fc64b84de62b4abf2edc6935c50693a7df44e85ec0cb0ec372daf26587a9f810b93d7dd1f5a42cb1ef1fc7587fe76be16e489be63de024da5
SSDEEP: 3072:9RZr18aXVLB9+mTtq5qcns2e9/ajB03AJfPg4asOVxFJ4trhIh3eGjMgG1ao5Lc:VOEVLr+mTnIe9/ajm8ngoa94BuRjMgU
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: file.exe
Score: 10/10
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Suspicious use of SetThreadContext