General
-
Target
5496d968b378eef69af5eb89159bc728b8ad9e395e42c74f788a4b7a8ec8a7bd.exe
-
Size
290KB
-
Sample
240615-bxsktayapr
-
MD5
985584f5b7be5d605c1264624f4bd68e
-
SHA1
8efbf3680021b3fb3b68094ee5296dcabb5abc1a
-
SHA256
5496d968b378eef69af5eb89159bc728b8ad9e395e42c74f788a4b7a8ec8a7bd
-
SHA512
e6c582d168f066c031161b8b098114edd95f5fde5c70eb1e8150fb44fd3520a4be7e9e71195c3c58078d7b9802e053ffa3e452a87965eb9e6a0ac580ccd8e34b
-
SSDEEP
3072:NNnq5gpiR+cS7kBapQOm47e6rGyQqKCHRsJFULJtkSUyHbmcnTVaz42JVOrTKYj:rq5gN70xee6treFD7y7mcnTVaBJVOrT
Static task
static1
Behavioral task
behavioral1
Sample
5496d968b378eef69af5eb89159bc728b8ad9e395e42c74f788a4b7a8ec8a7bd.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
5496d968b378eef69af5eb89159bc728b8ad9e395e42c74f788a4b7a8ec8a7bd.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
5496d968b378eef69af5eb89159bc728b8ad9e395e42c74f788a4b7a8ec8a7bd.exe
-
Size
290KB
-
MD5
985584f5b7be5d605c1264624f4bd68e
-
SHA1
8efbf3680021b3fb3b68094ee5296dcabb5abc1a
-
SHA256
5496d968b378eef69af5eb89159bc728b8ad9e395e42c74f788a4b7a8ec8a7bd
-
SHA512
e6c582d168f066c031161b8b098114edd95f5fde5c70eb1e8150fb44fd3520a4be7e9e71195c3c58078d7b9802e053ffa3e452a87965eb9e6a0ac580ccd8e34b
-
SSDEEP
3072:NNnq5gpiR+cS7kBapQOm47e6rGyQqKCHRsJFULJtkSUyHbmcnTVaz42JVOrTKYj:rq5gN70xee6treFD7y7mcnTVaBJVOrT
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2