General
- Target: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.zip
- Size: 164KB
- Sample: 231119-1bq8ascf3v
- MD5: a21ae8cfb1b53fb43b53ef7c470e7973
- SHA1: b66e7af6b1decb7291b26ce2f2d20d748e5476c3
- SHA256: 4ee930a612d132bce0a8af62c52b8e6d3e124bf344cab0d7db489b0455f592f0
- SHA512: 184de947f3f7a2b71e8391187e116588cf1fefaa5fcd8156bb86c43f7469d24cb30466480bb53707f2f386d864615f5d03e84e1b16bc9ceafff0cd5947c5bc7f
- SSDEEP: 3072:LbWZod7+k2XiiK5KxrvwGmnqFN10uuZQTNyzWgN3DtTJgvyJ6nI1qjWBhSDctJH:eOd7yySBwLnqP10liTUzO46nHQIcj
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.exe
  - Resource: win7-20231023-en

Behavioral task
- behavioral2
  - Sample: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.exe
  - Resource: win10v2004-20231020-en
Malware Config
Extracted
- tofsee
  - vanaheim.cn
  - jotunheim.name
Targets
- Target: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.exe
  - Size: 254KB
  - MD5: 02ac11d7691ed7141949fc5c03d5aae8
  - SHA1: b122e23b4dfb29d4efedbbe7a72c75d696f8a7ac
  - SHA256: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee
  - SHA512: c437f0cec3cbe5a62a650cafd0814016864c083a2df5a65000d0411b8249daec0744b7c948039a97848135a263ba183a9cb00876fbc3d22ee1e8322dfda0e55e
  - SSDEEP: 3072:M9xGAh803FPqB1HzqotaoQpxVKPk4hjw6EX7eUkpvTRSdnbr4rO/p/4CY/:w/8iYlAxVKMuELrdnbr4yG
  - Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (2)
  - Create or Modify System Process (2)
    - Windows Service (2)