General
- Target: file.exe
- Size: 299KB
- Sample: 230206-xdf9bsae8y
- MD5: ca8dd6f47d5d394a0a7579c7e8e83c39
- SHA1: 8035dab4c17144e77c1dff36c5c76d68e8c505f3
- SHA256: 84e3be0472538cf0bd58385dc694f4ee839e12e713ebb620f533fc8b69ae2110
- SHA512: 8cc7857355a04d2b53ad2029c47f53d245fec118646bad782e9b8d68e59367631098587cc83810b79d393645d8d07120f396dde810917bf4382b229aa92aa5ca
- SSDEEP: 6144:C69rELImH1DXMEXR/Mk4vVyhmuQj9n32a:CUoE/EXR/MzYmljFG
Static task
- static1
Behavioral task
- behavioral1: Sample file.exe, Resource win7-20220812-en
Behavioral task
- behavioral2: Sample file.exe, Resource win10v2004-20220812-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
- Target: file.exe
- Size: 299KB
- MD5: ca8dd6f47d5d394a0a7579c7e8e83c39
- SHA1: 8035dab4c17144e77c1dff36c5c76d68e8c505f3
- SHA256: 84e3be0472538cf0bd58385dc694f4ee839e12e713ebb620f533fc8b69ae2110
- SHA512: 8cc7857355a04d2b53ad2029c47f53d245fec118646bad782e9b8d68e59367631098587cc83810b79d393645d8d07120f396dde810917bf4382b229aa92aa5ca
- SSDEEP: 6144:C69rELImH1DXMEXR/Mk4vVyhmuQj9n32a:CUoE/EXR/MzYmljFG
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext