General
- Target: 653bb56b0d56694921a92ff391a5f43f60e95fe6e34286263023f3ebdd0764b9
- Size: 133KB
- Sample: 240417-qs3ybabc2s
- MD5: 4338f0506ecb6245469b2f8d937ca5b9
- SHA1: cf1ccbb459e009fd707d274c49a9e4788a21d080
- SHA256: 653bb56b0d56694921a92ff391a5f43f60e95fe6e34286263023f3ebdd0764b9
- SHA512: 225d81b3aafe7ed657af524cf8450751bcf5751fc30b1782c5c288b4563ca3d7f3586de590c403435d01582cb74741b2038087b719711c3952ecbd8b2775f61f
- SSDEEP: 3072:L+qJY6tcjmhv1WS/JHUSaU0gDOJgThdQhhrBUWtk0BxZ3NN7LzRaismdw:L+EYLjsv4OOUbRVmLTZ9ZLtsz
Static task: static1
Behavioral task: behavioral1
- Sample: f6c76564b0268b7c3b754b05e498fcbc7e11fc1907460d12b1d55dd0d0662834.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: f6c76564b0268b7c3b754b05e498fcbc7e11fc1907460d12b1d55dd0d0662834.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: f6c76564b0268b7c3b754b05e498fcbc7e11fc1907460d12b1d55dd0d0662834.exe
- Size: 291KB
- MD5: 66ebc32e8c190f890b24ccdac2e9a428
- SHA1: 5c3f23e69bfe7dc42c6a25bb670357a18c8455c7
- SHA256: f6c76564b0268b7c3b754b05e498fcbc7e11fc1907460d12b1d55dd0d0662834
- SHA512: 7c7ef99016cd154d649f6fd0de6457d43a3e2e6e52735306c9be7ddaa9eb9f7d0110cfbf839eaf4b56c7c57db92ebe1653abae569a9b3d6f38c83fc2b5b13142
- SSDEEP: 3072:GDq1IwpTDlRRfAIiLGFJuQIjn5KK8PNUX558:wpwT3RfEJ3sZKA
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (2)
  - Windows Service (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (2)
  - Windows Service (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)