General
-
Target
a3247152e18ba6e88311f082a86515d3.bin
-
Size
111KB
-
Sample
240904-b4jlgssfkk
-
MD5
ae4802ea79e5fa009bcf99179d6a0eef
-
SHA1
1651f3242e597ea74fa346e01933d16211ca2c70
-
SHA256
714f0c6f63ab2f3290eab02829e6c71b156c96bbc8f274df3c11e839665c6bfd
-
SHA512
72949731fd569e8a53b74cbb7a22e908b4d851e6406160e21e47d3015a0669ed3321010adde4755b2f37e4291ec473c04dc575605444d3c39c4cda657aa44996
-
SSDEEP
1536:6M9ES+BBnHUvYXrqLM5yXbN/CdRWa4kpZTZ1eP3U67QfI006Hw5jcWkdHIBixEOg:6M4HYuqo5CbNQR79W3bJ0K6oBRnLP
Static task
static1
Behavioral task
behavioral1
Sample
02c6f9163a5d988cee3ab12c11e03b18329c26d6b4863004f943133654693e97.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
02c6f9163a5d988cee3ab12c11e03b18329c26d6b4863004f943133654693e97.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
02c6f9163a5d988cee3ab12c11e03b18329c26d6b4863004f943133654693e97.exe
-
Size
213KB
-
MD5
a3247152e18ba6e88311f082a86515d3
-
SHA1
80da2f14bb17f2d3ff1df6faf25622ebb8cf00c8
-
SHA256
02c6f9163a5d988cee3ab12c11e03b18329c26d6b4863004f943133654693e97
-
SHA512
b09fc49d7126b37c37f499be522c4b57e7538d2f64600bd789c93d90a315a023f0fbed9466c6069a38bb8c80bc9a6b250fcaec03b59ecfb3a40754c235c3e6d8
-
SSDEEP
3072:AOFL8HN3BB33u/iMUk6efofpWqX2hnesi5kb:tLqN3Bt36iM/ofpKhn9
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
2