General
-
Target
dd18a455e9d700d656ce6965cee1a068.bin
-
Size
171KB
-
Sample
230507-jea7tagc2x
-
MD5
32441e5a27867b5b51446ac767d6f62f
-
SHA1
260027f41139872d0a28f9efdc8e9b10e988f7ec
-
SHA256
628c1bfb9195b74c5a9846331f42886bc78aed36ac4049d010fe62fe4347f7ab
-
SHA512
c110fc4e9b553b8809dcaae3cc5bdf191f4c0ffa2459886dd0244418d0f51acd2fc0517b507c3ec22d9d52394d83d0947d68699dda33604d0d28a4a69f6ed97b
-
SSDEEP
3072:AOFU3+DtYF7Fxfd6bhoqLmMnxyIRKtW4pmuY53ujFB7i8pG1SscixxpPQJCEM1Y/:XUuZYxF1IbCCjK04pmvou8sYsdxx5fW/
Static task
static1
Behavioral task
behavioral1
Sample
18643a9a6e4b61e967e428fadb2d4bb52dfed8a949b4a39cb461c2e3a8e6d207.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
18643a9a6e4b61e967e428fadb2d4bb52dfed8a949b4a39cb461c2e3a8e6d207.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
18643a9a6e4b61e967e428fadb2d4bb52dfed8a949b4a39cb461c2e3a8e6d207.exe
-
Size
303KB
-
MD5
dd18a455e9d700d656ce6965cee1a068
-
SHA1
bb23d970e98a6a6ec178fc6c9c82689b3e92ee7c
-
SHA256
18643a9a6e4b61e967e428fadb2d4bb52dfed8a949b4a39cb461c2e3a8e6d207
-
SHA512
71dc5ce080f2f95f2b68bcd135cfbbb9d020e10f58972b4f90ac98a3794f7791857139d45f417d127182bb26caca996a94c95008f2fc0ccc8a3c1b16dd07b531
-
SSDEEP
3072:duhpDHOnUv1WfCBuL4IdkVDJNhA+GHRIBiSp5z5DT4zknffhd+OH:shpDH9vEfQQrdkB7Fi05ykn3v+y
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-