General
-
Target
7800310c7b9e22b0528af79913ec7fa14055e228997375321404216a00b5a3b1
-
Size
233KB
-
Sample
240718-bnvntaybrq
-
MD5
c9604c8a94443bd545579ce55ae5ad27
-
SHA1
8f78a9d1d20762a330ea1de5df04d59d1a99dc04
-
SHA256
7800310c7b9e22b0528af79913ec7fa14055e228997375321404216a00b5a3b1
-
SHA512
7c7e6e47024449fd3a773ac84189b0b81e705a7ca174cc4e588ecd5bd64e9a3b6ea45ee8e93f2a568a200e31486b482934867c1fd11c7fab7a5483f6055d1e0d
-
SSDEEP
3072:wkO/HalJCaET6ApsLTMQUzUdcPNEohbIxny+P6CNRIqY9Wjtx+8OCMMV:wkOMHWlpsLTMQF37nLP6iRhY8khY
Static task
static1
Behavioral task
behavioral1
Sample
7800310c7b9e22b0528af79913ec7fa14055e228997375321404216a00b5a3b1.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
7800310c7b9e22b0528af79913ec7fa14055e228997375321404216a00b5a3b1.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
Target
7800310c7b9e22b0528af79913ec7fa14055e228997375321404216a00b5a3b1
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (2)
Windows Service (2)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (2)
Windows Service (2)
Event Triggered Execution (1)
Netsh Helper DLL (1)