General
Target: file.exe
Size: 350KB
Sample: 221202-mxvkysdg7z
MD5: 64b84c266e164427f5ff999f0852817c
SHA1: 2ac627bc23ec6669c2d8a95f6c3f35c6e1e753a9
SHA256: ef514682a7ab092326100883aa5a4101cb49a2054f538e3731d80c19e065f016
SHA512: f1e36be5e459c71eef8c3880d3cb905bf7f4f909fe00bafb255b45e89b1657cbb3cb6596ffe91751fe690dd7d1923ad8884a4198813ce4a0253ea4025c9ff69b
SSDEEP: 6144:Y825LbuPCD71fzEEtPBYNd2LNDRyjkuRjMgU:Y7nuKRlRKd2RDA1RQg
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target
file.exe
Score: 10/10
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Suspicious use of SetThreadContext