General
Target: 17a01d32407a790eec38895f972fa31040b5fe55bc5d8f39fc5c6bc58658cc68
Size: 169KB
Sample: 240417-qqqj7sba6s
MD5: ae68531e41f47f7656edde1971c94ef9
SHA1: c951b2fa3f92a43d72d116daf1941ab9379725b6
SHA256: 17a01d32407a790eec38895f972fa31040b5fe55bc5d8f39fc5c6bc58658cc68
SHA512: 56a0471a9f829474e1daebc8e58cc54a30d1ad5847b71cd7d2a30fd3a5eda0a95f1b525e4a48e8ab0e0b0aa4c09495d15ddfbee43c0e188c4f4c170267a079a1
SSDEEP: 3072:656RRPNOghGge5ZRWlVcfdxC7zzjjyQXLT6wZSAtU85JxUQtewfOhFWc:zP4IGge5ylVZ7f/Z7T/Zw85MQMwEWc
Static task: static1
Behavioral task: behavioral1
Sample: b984128113ff555edf24f086dcec400c697413f9095c8510da1058a98a2cc4ad.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b984128113ff555edf24f086dcec400c697413f9095c8510da1058a98a2cc4ad.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted family: tofsee
C2: vanaheim.cn
C2: jotunheim.name
Targets
Target: b984128113ff555edf24f086dcec400c697413f9095c8510da1058a98a2cc4ad.exe
Size: 302KB
MD5: 9f9e5f55dc8cb3809e24b14fb8f9c27d
SHA1: cfed2d1d3e44d8ad3d0cade2ca83f105949aa952
SHA256: b984128113ff555edf24f086dcec400c697413f9095c8510da1058a98a2cc4ad
SHA512: 5e8acc5af13c952fd1f02f88d2acf5314bd98216d51f340f1e0163551c27c44267391bd82ef8d72a214ee3d28803f7c08ec2ca2a84f0c599bbe17e9d955d56b6
SSDEEP: 6144:VdUtDjcT/lUmHvYBLDTOGc/sh4m18vMm48IRi7:rq3w/6mHvYBSGosym1gMv8
Score: 10/10
Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process (2)
- Windows Service (2)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
Privilege Escalation:
- Create or Modify System Process (2)
- Windows Service (2)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)