General
Target: 1d4e2d006bff0bb6eb9cb7cf757b4003fd87386da931f844fede941868849749
Size: 267KB
Sample: 240418-x84ccach25
MD5: 6736700e3dfb47ac9beba3c2eff9e7ca
SHA1: 00d5f83f5bfd1bf889a0991882457db790c95c17
SHA256: 1d4e2d006bff0bb6eb9cb7cf757b4003fd87386da931f844fede941868849749
SHA512: ffd04ada229530484d250ecba1c51b5175ac62dbdc872045c4b3426367c1545ee0eff9a90bba617d75f034d6e452e4a56ea753f7b0810b9268fefb41f55bdc5a
SSDEEP: 3072:7QOPm6aPQb9A3Hd1fWSol++S8/5QvstAj9gQ7HUjzNR4hT/ydzUtmMG/:Lm6aoiXd13olaesstABE4hCwtY/
Static task: static1
Behavioral task: behavioral1
  Sample: 1d4e2d006bff0bb6eb9cb7cf757b4003fd87386da931f844fede941868849749.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 1d4e2d006bff0bb6eb9cb7cf757b4003fd87386da931f844fede941868849749.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
Target: 1d4e2d006bff0bb6eb9cb7cf757b4003fd87386da931f844fede941868849749
Score: 10/10
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (2)
  - Windows Service (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (2)
  - Windows Service (2)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)