General
Target: e908efc5c057ba1a4fedc8d7f4ce76c29c50d7a4f03702de8945a47a9c21b24e
Size: 128KB
Sample: 240417-qvrm3ahg66
MD5: 4fa58c8e2b43af8f4187af538e24e3ef
SHA1: fcc2a05e18c22a210596b168041f7c159833449b
SHA256: e908efc5c057ba1a4fedc8d7f4ce76c29c50d7a4f03702de8945a47a9c21b24e
SHA512: 1a9a13eae50b5979adddd015bdeb25edea41676b4f1f3f8cb170a70835b5677bf230f78511c2e8f82e54163562362b38e16fb78ff14fd88ab87873d370eac744
SSDEEP: 3072:9Syi8zwswtvdcY24I8S3nlJqz1W43WiNZN5zlunOxg303:cySd0U2b43Dzlunqm03
Static task: static1
Behavioral task: behavioral1
  Sample: 2496bd1f22e675f292a9176022379b39bd6c0a74ca928ca3cca4d639a66f108f.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2496bd1f22e675f292a9176022379b39bd6c0a74ca928ca3cca4d639a66f108f.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: tofsee
  vanaheim.cn
  jotunheim.name
Targets
Target: 2496bd1f22e675f292a9176022379b39bd6c0a74ca928ca3cca4d639a66f108f.exe
Size: 233KB
MD5: b9c89c3ed216df0e259b9d0b38a2dc94
SHA1: ea82873249048a2dc026d8bb24616147a9d95729
SHA256: 2496bd1f22e675f292a9176022379b39bd6c0a74ca928ca3cca4d639a66f108f
SHA512: ce196ae521c72a6d6ea968a8a948f5ec7040a79616146e8b175accad9277c4a5e825b3af6d45bfde65f430863c0386a5724dd16e07d9b27878082d86a7644c88
SSDEEP: 3072:rJWQg26WaXsiQLhJi3s1KMnwFlscekf3O2D+sYc+VhfRv9ae:rJrSiLslsclz+PZ9f
Score: 10/10
Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (2)
    Windows Service (2)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Create or Modify System Process (2)
    Windows Service (2)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)