General
-
Target
e261ca109358b3244e32550fa951a8a6e7d5150dd2c67c74748902da2ffbca6b
-
Size
170KB
-
Sample
240718-yq8psaxbnf
-
MD5
4415e2bbc806aab120371e1b2aed148e
-
SHA1
647383818d35b8505b6783eefc475025eb5d2460
-
SHA256
e261ca109358b3244e32550fa951a8a6e7d5150dd2c67c74748902da2ffbca6b
-
SHA512
68509381cec5375f3e990e5309ab91fc02677f5808aebe15a184668b2ae617942b6f00a96018a9a5a47e4094be8e37d3fa0e6faba45651997d01e1f6ce54b286
-
SSDEEP
3072:E1UmLHri3HXt+TEkpkZLUuRjFD8RG1vrxDd5sBpYFBJBXETBS:KLL43t+TjSZLl5IRzYFpGS
Static task
static1
Behavioral task
behavioral1
Sample
e261ca109358b3244e32550fa951a8a6e7d5150dd2c67c74748902da2ffbca6b.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
e261ca109358b3244e32550fa951a8a6e7d5150dd2c67c74748902da2ffbca6b.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
e261ca109358b3244e32550fa951a8a6e7d5150dd2c67c74748902da2ffbca6b
-
Size
170KB
-
MD5
4415e2bbc806aab120371e1b2aed148e
-
SHA1
647383818d35b8505b6783eefc475025eb5d2460
-
SHA256
e261ca109358b3244e32550fa951a8a6e7d5150dd2c67c74748902da2ffbca6b
-
SHA512
68509381cec5375f3e990e5309ab91fc02677f5808aebe15a184668b2ae617942b6f00a96018a9a5a47e4094be8e37d3fa0e6faba45651997d01e1f6ce54b286
-
SSDEEP
3072:E1UmLHri3HXt+TEkpkZLUuRjFD8RG1vrxDd5sBpYFBJBXETBS:KLL43t+TjSZLl5IRzYFpGS
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1