General
Target: file.exe
Size: 349KB
Sample: 221202-n9r62aeg87
MD5: 25607028a72fbb399ede69c15f19d08c
SHA1: ad83445665fdc6033d4493d3350923acbc2eff2e
SHA256: d195f54bc656f97fbafcbf12faed2ad4a6e8caf22bb6301747fbfa9228ece66d
SHA512: ae40f583c6a5241eeef93e8fdfd5879ae0c77884fb89d4501cf9b52a2629f134a82cc9d2ea61bc9715a61faf3d288eea7cdcf0687e8f5633140a970a06a74e79
SSDEEP: 6144:IMAIKL74634xpBf93nGLe0q/7qCPKMPuRjMgU:I/5X3473nq07KMmRQg
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: file.exe
Score: 10/10
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Suspicious use of SetThreadContext