General
-
Target
0f4d67ce96f0798ab716b7689ccca0caa3992ed24a84677d3f5d1c7e78f13042
-
Size
128KB
-
Sample
240417-r7mqbaec7s
-
MD5
3abdba5a8c4e74b5e828cca08c1a937b
-
SHA1
8de2723c65d24e3e1316cb2199b98311a5966ad6
-
SHA256
0f4d67ce96f0798ab716b7689ccca0caa3992ed24a84677d3f5d1c7e78f13042
-
SHA512
cbe54c8d6f54c8df854b917cab8cb2ca8f05bd58dae1d1122babe6db097474710d3718c3ad37a201ea1d937c60f32ff18edbc1dd8dc5b66ca55d6db76d73438c
-
SSDEEP
3072:1Rg1sm+iGX5g+lMtTW+Rk/4ieNfDD3TRfvBWt2ty:1RE+iCy+aTwbe5/VfvMt2ty
Static task
static1
Behavioral task
behavioral1
Sample
900f15042c99288aef15c9187640b625ffec568147dd761f1508e9b61cc174d7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
900f15042c99288aef15c9187640b625ffec568147dd761f1508e9b61cc174d7.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
900f15042c99288aef15c9187640b625ffec568147dd761f1508e9b61cc174d7.exe
-
Size
204KB
-
MD5
1f57a9bb99804b8193ef503404bb7387
-
SHA1
674710911110b4b45030b990dabb3c45fd095b3f
-
SHA256
900f15042c99288aef15c9187640b625ffec568147dd761f1508e9b61cc174d7
-
SHA512
d93b6d24f3fdb267a0d43195bbba3494cb2734756e5e3090cea9e65c584d66ca5eb1842bda274f484a42dac89f2fb196a2ef83e9f8e70dad4ca4b1351c3acce7
-
SSDEEP
3072:qfrB/GLaZdXUNc8iirJiM21K7uu+5Oiq08tJz5zoy887jImQpeBNMRDx/+cmH:qfrwclVORxv5z8kI1x2co
Score 10/10
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (2)
Windows Service (2)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Create or Modify System Process (2)
Windows Service (2)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)