General
-
Target
qkkcfptf.exe
-
Size
11.6MB
-
Sample
240903-vgvvsa1fnj
-
MD5
fed6d9f141d4ac6b3388a2c90722bd62
-
SHA1
3480f699c94d4a520c8d92dfd2f6c84d5bd9668b
-
SHA256
b84685b177c7bbd6e54c0cd81f5ac41c02e2c77a400b71a830636f93a686eaaf
-
SHA512
f678216084e177bc51879d697f6e4201449874ed1c6f4c41fc1cb62aecf8ed5c3ab17784c1d30c481ee99c727fe0a29cd2854bdcaf554b3da425d59b5e957719
-
SSDEEP
6144:rc6OZDisWsD0Td2HJxO+m8PuG1R4WnWjrsaz:r1OZDisvwdaxO0PuG1R4CWs
Static task
static1
Behavioral task
behavioral1
Sample
qkkcfptf.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
qkkcfptf.exe
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
qkkcfptf.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
qkkcfptf.exe
Resource
win11-20240802-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
qkkcfptf.exe
-
Size
11.6MB
-
MD5
fed6d9f141d4ac6b3388a2c90722bd62
-
SHA1
3480f699c94d4a520c8d92dfd2f6c84d5bd9668b
-
SHA256
b84685b177c7bbd6e54c0cd81f5ac41c02e2c77a400b71a830636f93a686eaaf
-
SHA512
f678216084e177bc51879d697f6e4201449874ed1c6f4c41fc1cb62aecf8ed5c3ab17784c1d30c481ee99c727fe0a29cd2854bdcaf554b3da425d59b5e957719
-
SSDEEP
6144:rc6OZDisWsD0Td2HJxO+m8PuG1R4WnWjrsaz:r1OZDisvwdaxO0PuG1R4CWs
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
2