General
- Target: b3b8c4e1e9530c4d7ae400c50ad2c7ecf0b444fc02e46573e106725cbc6ee5d9
- Size: 128KB
- Sample: 240417-rjygxacg9t
- MD5: aa784bd2a6d2ead0bcb4c50aeca82c61
- SHA1: 6526414e523a3d4506191f2422033341778496b5
- SHA256: b3b8c4e1e9530c4d7ae400c50ad2c7ecf0b444fc02e46573e106725cbc6ee5d9
- SHA512: f77d74a4cef4e91c89c84c7f5097b33c2b47507fb7227ece527b2d060d5602d9bbb7eef7fcd1fbd0140e229102ebc66e2de6c0187d635a4c4aa6273b6f261218
- SSDEEP: 3072:rqC6WIDMD9k+tqFDbdPYtlzSton6TY0+w8c58:x68a+qFDZPYtl+3Ynw8d
Static task: static1

Behavioral task: behavioral1
- Sample: 2496bd1f22e675f292a9176022379b39bd6c0a74ca928ca3cca4d639a66f108f.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 2496bd1f22e675f292a9176022379b39bd6c0a74ca928ca3cca4d639a66f108f.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted
- tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: 2496bd1f22e675f292a9176022379b39bd6c0a74ca928ca3cca4d639a66f108f.exe
- Size: 233KB
- MD5: b9c89c3ed216df0e259b9d0b38a2dc94
- SHA1: ea82873249048a2dc026d8bb24616147a9d95729
- SHA256: 2496bd1f22e675f292a9176022379b39bd6c0a74ca928ca3cca4d639a66f108f
- SHA512: ce196ae521c72a6d6ea968a8a948f5ec7040a79616146e8b175accad9277c4a5e825b3af6d45bfde65f430863c0386a5724dd16e07d9b27878082d86a7644c88
- SSDEEP: 3072:rJWQg26WaXsiQLhJi3s1KMnwFlscekf3O2D+sYc+VhfRv9ae:rJrSiLslsclz+PZ9f
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (2)
- Windows Service (2)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)

Privilege Escalation
- Create or Modify System Process (2)
- Windows Service (2)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)