General
Target: 24c566337e1f6cd3bfefaee2712ac3b50d09d3017a60e3530325b3a9b455e660
Size: 292KB
Sample: 240721-wyeqka1ekj
MD5: 45a768a817294222febe38b11e8c5350
SHA1: 48370775c6d91c4079551a4c6397b5aca6a7a98a
SHA256: 24c566337e1f6cd3bfefaee2712ac3b50d09d3017a60e3530325b3a9b455e660
SHA512: a707d3a43a04d0a07a203c21d609002d6c2dd8d6584134cfd871cdd27150d6f5e88949b6ee6d029e3690e906abb393232140c00e31299c2995d07fe5629da1b6
SSDEEP: 6144:5+kAPhmN4QCnKjUI+5zx2rBniCtqxg/Q+:GsNHCnKjq5VfCtiu
Static task: static1
Behavioral task: behavioral1
  Sample: 24c566337e1f6cd3bfefaee2712ac3b50d09d3017a60e3530325b3a9b455e660.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 24c566337e1f6cd3bfefaee2712ac3b50d09d3017a60e3530325b3a9b455e660.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted family: tofsee
C2 domains: vanaheim.cn, jotunheim.name
Targets
Target: 24c566337e1f6cd3bfefaee2712ac3b50d09d3017a60e3530325b3a9b455e660
Size: 292KB
MD5: 45a768a817294222febe38b11e8c5350
SHA1: 48370775c6d91c4079551a4c6397b5aca6a7a98a
SHA256: 24c566337e1f6cd3bfefaee2712ac3b50d09d3017a60e3530325b3a9b455e660
SHA512: a707d3a43a04d0a07a203c21d609002d6c2dd8d6584134cfd871cdd27150d6f5e88949b6ee6d029e3690e906abb393232140c00e31299c2995d07fe5629da1b6
SSDEEP: 6144:5+kAPhmN4QCnKjUI+5zx2rBniCtqxg/Q+:GsNHCnKjq5VfCtiu
Signatures:
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)