General
Target: 4c9e7ca1b881dd37ba726f6ec004e05d0b2211c7f0e8dd70cb762065266023f6
Size: 130KB
Sample: 240417-qtayxsbc3w
MD5: e6be1a308e1f40f0de51e525fb822dcd
SHA1: 36b9016623ead20a35dfeeb717483c85c25b3790
SHA256: 4c9e7ca1b881dd37ba726f6ec004e05d0b2211c7f0e8dd70cb762065266023f6
SHA512: 2f989bc1f93cab48323640b3d2e85c01b4a64840ea3d3797fd2233bf0e82371a5974696ab2309ba7cb81bb62524b3c74ba6a5c81277bad621181eea5978b7b3d
SSDEEP: 3072:HFAIlWc/iOvs0sJpBq7YWyM28laHQG+TazmhU:XlWyiOunqtX28G+eKK
Static task: static1
Behavioral task: behavioral1
Sample: 480bb7c62d6d596c5c800503158a552287674a749640cd93d17fd731566a9824.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 480bb7c62d6d596c5c800503158a552287674a749640cd93d17fd731566a9824.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted family: tofsee
C2: vanaheim.cn
C2: jotunheim.name
Targets
Target: 480bb7c62d6d596c5c800503158a552287674a749640cd93d17fd731566a9824.exe
Size: 264KB
MD5: 50d80adb391a32562abd1bbb1ca44d54
SHA1: 6b2f264f7929a5315a783e310a521677be483e9d
SHA256: 480bb7c62d6d596c5c800503158a552287674a749640cd93d17fd731566a9824
SHA512: 05cd8ee3277fcc0250b3abaa2c99ba5e923028855539b3b4423db835d644112aa39ae5bab832d80b9781d77a1e325685544a8a36c40ac1541c3fecf07693d168
SSDEEP: 3072:GBp0+j2liTED5ID9bJiJn1K2Dxodv32z+1EeijhVP/EmvI9G5qpRvm:GBp0OD/2zGQVP/em
Score: 10/10
Signatures
Creates new service(s)
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Drops file in System32 directory
Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 2
Windows Service: 2
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 2
Windows Service: 2
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1