General

Target: file.exe
Size: 349KB
Sample: 221202-ldmwbsgd6y
MD5: a1799db268c1e09addebda326640d27a
SHA1: 2e7dd4871e0220a69c1913c974ddc5f43ee4fb25
SHA256: 6d1c55b32923f8a5c29fbfd3a1596bc9ef0a6f5376d8b923dcb334fc7ce97c07
SHA512: 6ead660126768007d2bb296656654867cd4a6642fccf9122415de573fc9a1644900c9b0b2342c6218ae24dae690e04868ab03ee197d5ba3aa18136eb0ae775f4
SSDEEP: 3072:ix4P18aXVLB9+mTtq5qWGcjKQ10S+LwgME9WKFL6OhtWItQTIhIh3eGjMgG1ao5w:lOEVLr+mTnWr2W0S+zWY9uRjMgU
Static task: static1
Behavioral task: behavioral1 (sample file.exe, resource win7-20221111-en)
Behavioral task: behavioral2 (sample file.exe, resource win10v2004-20220812-en)
Malware Config

Extracted family: tofsee
C2: svartalfheim.top
C2: jotunheim.name
Targets

Target: file.exe (349KB; hashes as listed under General)
Score: 10/10

Signatures:
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Adds Run key to start application
- Suspicious use of SetThreadContext (rewriting another thread's context, as seen in process hollowing and thread hijacking)
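The extracted Tofsee C2 domains and the behavioural signatures above translate directly into host and network hunting rules. The block below is an added example, not part of the Triage report and not Tofsee's own code: it runs a handful of Sysmon-style rules (process creation, registry value set, DNS query) over constructed events. Field names follow Sysmon's (EventID 1, 13 and 22; Image, CommandLine, TargetObject, QueryName, Hashes); the service name, file paths and event contents are invented for illustration, while the C2 domains and SHA256 are the ones the report lists.

```python
import re
from typing import Dict, List

# Indicators copied from the report above.
TOFSEE_C2 = {"svartalfheim.top", "jotunheim.name"}
SAMPLE_SHA256 = "6d1c55b32923f8a5c29fbfd3a1596bc9ef0a6f5376d8b923dcb334fc7ce97c07"

# Registry paths and command lines corresponding to the behavioural signatures
# (Run key persistence, service ImagePath in the registry, firewall changes).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
SERVICE_IMAGE = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
FIREWALL_CMD = re.compile(
    r"advfirewall\s+(firewall\s+add\s+rule|set\s+\w+\s+state\s+off)"
    r"|firewall\s+set\s+opmode\s+disable",
    re.IGNORECASE,
)


def sha256_of(event: Dict) -> str:
    """Pull the SHA256 out of a Sysmon 'Hashes' field ('SHA256=...,MD5=...')."""
    for part in event.get("Hashes", "").split(","):
        algo, _, digest = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return digest.strip().lower()
    return ""


def match_event(ev: Dict) -> List[str]:
    """Return the names of every rule a single event triggers."""
    hits: List[str] = []
    eid = ev.get("EventID")
    if eid == 1:  # Sysmon process creation
        if sha256_of(ev) == SAMPLE_SHA256:
            hits.append("known_sample_executed")
        image = ev.get("Image", "").lower()
        if image.endswith("\\netsh.exe") and FIREWALL_CMD.search(ev.get("CommandLine", "")):
            hits.append("firewall_modified_via_netsh")
    elif eid == 13:  # Sysmon registry value set
        target = ev.get("TargetObject", "")
        if RUN_KEY.search(target):
            hits.append("run_key_persistence")
        if SERVICE_IMAGE.search(target):
            hits.append("service_imagepath_set")
    elif eid == 22:  # Sysmon DNS query
        if ev.get("QueryName", "").lower().rstrip(".") in TOFSEE_C2:
            hits.append("tofsee_c2_dns")
    return hits


def hunt(events: List[Dict]) -> List[Dict]:
    """Run every rule over a list of events; one finding per (event, rule) pair."""
    findings = []
    for idx, ev in enumerate(events):
        for rule in match_event(ev):
            findings.append({"index": idx, "rule": rule, "Image": ev.get("Image", "")})
    return findings


# Constructed events (invented service name, paths and users; only the hash and
# the C2 domain come from the report).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\bob\\Downloads\\file.exe", "CommandLine": "file.exe",
     "Hashes": f"SHA256={SAMPLE_SHA256.upper()},MD5=A1799DB268C1E09ADDEBDA326640D27A"},
    {"EventID": 13, "Image": "C:\\Users\\bob\\Downloads\\file.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\examplesvc\\ImagePath"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="svc" dir=in action=allow program="C:\\Windows\\Temp\\x.exe"'},
    {"EventID": 13, "Image": "C:\\Users\\bob\\Downloads\\file.exe",
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\examplesvc"},
    {"EventID": 22, "Image": "C:\\Windows\\Temp\\x.exe", "QueryName": "svartalfheim.top"},
    {"EventID": 22, "Image": "C:\\Program Files\\Browser\\browser.exe", "QueryName": "www.example.com"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetObject": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\App\\DisplayName"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"event {f['index']}: {f['rule']} ({f['Image']})")
```

Two of the listed signatures have no counterpart in these log-based rules, and that is the caveat worth keeping in mind when turning a sandbox report into detections. The geofence check is a registry read, and Sysmon only records registry writes, so it is visible in API-level monitoring (the sandbox, or an EDR with registry-read telemetry) but not in standard event logs. Likewise SetThreadContext is an API call, so the injection it hints at is seen through process-level memory and thread telemetry rather than through the events above.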