General

Target: 033b137b0cb9a9c688701f67b5b212b773cdcf711241ea24f8f8c4dc9fcf6f3c
Size: 175KB
Sample: 240417-pkg57sef29
MD5: e120e632316f05b29ef95ba390f24c76
SHA1: 60377d7bd1bd11b5f656e7091c23d10d37fe7256
SHA256: 033b137b0cb9a9c688701f67b5b212b773cdcf711241ea24f8f8c4dc9fcf6f3c
SHA512: 5eafba5c031f13fb89fecb2087b340437b50ddf4a9567bbb52ceb27f8933c8faea2e531e68957a0cfdb9417bc39770b9bfea72b321126bbe3a890ce6dfa8e254
SSDEEP: 3072:9u5iKgwEAC67UxwDi7QsVnpehI5hI5WRk4LrZL5DSBsVelGwVUg8mq2zdW1eWhOz:cgKEQUGDi7Qsa65hI54lP4Fp3d2q
Static task: static1

Behavioral task: behavioral1
Sample: 9f88f8dba6df3a1116c8444e9b03812fcadf4d8bf9f67d6cfcfb42eaae819e70.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 9f88f8dba6df3a1116c8444e9b03812fcadf4d8bf9f67d6cfcfb42eaae819e70.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted
Family: tofsee
Domains:
vanaheim.cn
jotunheim.name
Targets

Target: 9f88f8dba6df3a1116c8444e9b03812fcadf4d8bf9f67d6cfcfb42eaae819e70.exe
Size: 299KB
MD5: 54b34c36efd4417cbcc35e2ac2c3e67c
SHA1: 1e8515d94951bdf686fc5e2ab33885fb99efbaeb
SHA256: 9f88f8dba6df3a1116c8444e9b03812fcadf4d8bf9f67d6cfcfb42eaae819e70
SHA512: af0134597248b30fd78b3cc7d73760a9aea62d27edcb5be7874373fe8dc04b3e0c6327443fda38ac32a8ba74119cfd7b02b2b711ce3280abbe1335cb6fee62b4
SSDEEP: 3072:9LJYk6t5eTZuuC3rYFwHV6nRKgB2k3zjdCZr6TN8TiuFxAXc5OUZdu8HVZO7:9LKlsTa3rYfB24Mr2s4jUTu8HVc7
Score: 10/10

Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence:
- Create or Modify System Process: 2
- Windows Service: 2
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1

Privilege Escalation:
- Create or Modify System Process: 2
- Windows Service: 2
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1