General
Target: file.exe
Size: 350KB
Sample: 221202-l7ertaba8s
MD5: e6c5a231ec3235d5020f4af44ee5f2b8
SHA1: ae7aeaf37397c4adf15eb839f3a69b0b64444e9f
SHA256: 72ddf1a00d4705c99c0d26668d6af55071dcddeb9c4da47f87e5c69dc1ef3e19
SHA512: 367668d17178bb47ab49afdd7d9ff73682cca7872920e587592f739b55805f056b3f93613bff6d359f84f4c0d18c6bc9ac461d30998dce865130ebec50380692
SSDEEP: 6144:KHXLG/6QDZw2FGxTKrzXR8+zqrWuRjMgU:K3S/DK2sYzXR8/RQg
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: file.exe
Score: 10/10
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Suspicious use of SetThreadContext