General
Target
cf08ecb08edbc52e65c8f40215d1e631.exe
Size
235KB
Sample
230602-b7kyqahg4y
MD5
cf08ecb08edbc52e65c8f40215d1e631
SHA1
1de7abbfa87a31b694ee92413c83f7a22a55c2f8
SHA256
19dd9c0331cc180aa3c5d1b2c7d9b8897274b393c5f36957e10281f3965f9580
SHA512
2044e021e7d8eed05ca30205eefd65a586fb23c7eb73bd7b5848895ebc49ebe869d103e935c70564ecb0e573bc22cd0d017501934f781254b1bc40b0888327f4
SSDEEP
3072:uXj1yteXDZ65fyY4RxozmJXEoVyROKipzmmpARedR5TPx2qc:2lI6Cz1oAABfARedf0
Static task
static1
Behavioral task
behavioral1
Sample
cf08ecb08edbc52e65c8f40215d1e631.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
cf08ecb08edbc52e65c8f40215d1e631.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
Score
10/10
Creates new service(s)
Modifies Windows Firewall
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Suspicious use of SetThreadContext