General
-
Target
3a746974da0c50d746aabe922ec4e7d3.exe
-
Size
197KB
-
Sample
230411-n2v8qadh6v
-
MD5
3a746974da0c50d746aabe922ec4e7d3
-
SHA1
c37e1beca1da2866961a51a75a4358c78e32997b
-
SHA256
5c3c394e210954a18fab99b23fe51d874d5395a867ffcacede8286dacf463960
-
SHA512
b3802da383289cbea44a55bee525ca0a230eea4341b7063bf92689db6b5601f044231db0909166035df471c35532b5e0dd67effd69acd08dced43a6432d7bda5
-
SSDEEP
3072:5LcFddSO6u+H+dNnMRbbue0bdY2NC0fRBdFX:5cl6ujdNnMNbP0bbCOBdR
Static task
static1
Behavioral task
behavioral1
Sample
3a746974da0c50d746aabe922ec4e7d3.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
3a746974da0c50d746aabe922ec4e7d3.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
3a746974da0c50d746aabe922ec4e7d3.exe
Score
10/10
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-