General
-
Target
file.exe
-
Size
321KB
-
Sample
230206-wa5l3sfb44
-
MD5
6388175964e8a802a8a33fea99990f8e
-
SHA1
a68f065464df424b726be370c209f47a4fb3755b
-
SHA256
bb601ef5b3cef445b6f9eea25573ae26c8c40317278d8346fb289f283f3ebc47
-
SHA512
c874f3900b47b6bd41f2275a360d7b97a0c5cf0e1df355dcfdb67c8d7e9124f646693bda305ce8d3937997b34d07de441ec7f0d16effbcb17c5524051d43c1d8
-
SSDEEP
6144:frLZLCRK0YQ0q1x8CweTkzZzCCyruQj9ZExaMc:DLZGRKmxVT6hCnrljCa
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
file.exe
-
Size
321KB
-
MD5
6388175964e8a802a8a33fea99990f8e
-
SHA1
a68f065464df424b726be370c209f47a4fb3755b
-
SHA256
bb601ef5b3cef445b6f9eea25573ae26c8c40317278d8346fb289f283f3ebc47
-
SHA512
c874f3900b47b6bd41f2275a360d7b97a0c5cf0e1df355dcfdb67c8d7e9124f646693bda305ce8d3937997b34d07de441ec7f0d16effbcb17c5524051d43c1d8
-
SSDEEP
6144:frLZLCRK0YQ0q1x8CweTkzZzCCyruQj9ZExaMc:DLZGRKmxVT6hCnrljCa
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-