General
Target: bfabf02b846c1cd0634fa1bf8a95e4aa.exe
Size: 238KB
Sample: 240925-ggamys1epb
MD5: bfabf02b846c1cd0634fa1bf8a95e4aa
SHA1: 912bf8c8c515c98ed82f6ac94ce3517dde29fc6d
SHA256: f4de268ea469d180cfe44713d1b0f5fcf8ea3270af525c6e040497b43a414e1b
SHA512: 464b3969a5e5ea0d7d00be5a7a606139a254ee603ad9ff30bfba1b1f70723d85312e76287e88ad7cc47a171f6f4e21723319df0f2404b68dff06e1318d9dd7ae
SSDEEP: 3072:EVW80fS45N6hqQLAp+b6+y9vZvTDmnCVN3Z4S4y9gkkhf3FCWs/xy/Q:1fS45N6hk+yfnrjZ4SteGw/Q
Static task: static1
Behavioral task: behavioral1
  Sample: bfabf02b846c1cd0634fa1bf8a95e4aa.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: bfabf02b846c1cd0634fa1bf8a95e4aa.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: tofsee
C2: vanaheim.cn, jotunheim.name
Targets
Target: bfabf02b846c1cd0634fa1bf8a95e4aa.exe (238KB; hashes as listed under General)
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (2): Disable or Modify System Firewall (1), Disable or Modify Tools (1)
- Modify Registry (2)
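The behavioral signatures and the ATT&CK mapping above, turned into host detection logic as an added example (this is not the sandbox's code and not from the report). It assumes Sysmon-style field names (EventID 1 process create, 11 file create, 13 registry value set, 22 DNS query) plus Windows System log event 7045 (service installed); the service/binary name "svchelper" and every event in EVENTS are constructed for illustration; the ATT&CK IDs are supplied here for the technique names the report lists. The only report values used are the sample filename and the two extracted C2 domains.

```python
"""Added example: the report's behavioral signatures and ATT&CK techniques
expressed as detection logic over Windows telemetry.

Assumptions (not from the report): events use Sysmon field names (EventID 1
process create, 11 file create, 13 registry set, 22 DNS query) plus System log
7045 (service installed); the service/binary name "svchelper" and every event
in EVENTS are constructed; the ATT&CK IDs are mine for the technique names on
the page.
"""
import re

# The two C2 domains are the values in the report's extracted Tofsee config.
TOFSEE_C2_DOMAINS = ("vanaheim.cn", "jotunheim.name")

SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
SERVICE_IMAGEPATH = re.compile(r"\\services\\[^\\]+\\imagepath$", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\", re.I)
NETSH_HELPER = re.compile(r"\\software\\microsoft\\netsh\\", re.I)
FIREWALL_KEY = re.compile(r"\\sharedaccess\\parameters\\firewallpolicy\\", re.I)


def is_subdomain_of(name: str, domain: str) -> bool:
    """Exact or dot-anchored suffix match, so notjotunheim.name does not match."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def match_c2(query_name: str):
    """Return the configured C2 domain a DNS query belongs to, or None."""
    return next((d for d in TOFSEE_C2_DOMAINS if is_subdomain_of(query_name, d)), None)


def detect(events):
    """Return (signature, attack_id, evidence) tuples in event order.

    attack_id is None where the report lists the signature without a technique.
    "Checks computer location settings" is a registry *read*, which Sysmon does
    not record, so it is not covered here.
    """
    hits = []
    dropped = set()  # System32 paths written by the sample, for "Executes dropped EXE"
    for ev in events:
        eid = ev["EventID"]
        if eid == 7045:
            hits.append(("Creates new service(s)", "T1543.003",
                         f'{ev["ServiceName"]} -> {ev["ImagePath"]}'))
        elif eid == 11 and SYSTEM32.match(ev["TargetFilename"]):
            dropped.add(ev["TargetFilename"].lower())
            hits.append(("Drops file in System32 directory", None, ev["TargetFilename"]))
        elif eid == 13:
            key = ev["TargetObject"]
            if SERVICE_IMAGEPATH.search(key):
                hits.append(("Sets service image path in registry", "T1543.003", key))
            elif RUN_KEY.search(key):
                hits.append(("Registry Run Keys / Startup Folder", "T1547.001", key))
            elif NETSH_HELPER.search(key):
                hits.append(("Netsh Helper DLL", "T1546.007", key))
            elif FIREWALL_KEY.search(key):
                hits.append(("Modifies Windows Firewall", "T1562.004", key))
        elif eid == 1:
            image = ev["Image"].lower()
            cmd = ev.get("CommandLine", "")
            parent = ev.get("ParentImage", "").lower()
            if image in dropped:
                hits.append(("Executes dropped EXE", None, ev["Image"]))
            if image.endswith("\\netsh.exe") and "advfirewall" in cmd.lower():
                hits.append(("Modifies Windows Firewall", "T1562.004", cmd))
            # Self-deletion: a cmd.exe child whose command line deletes its parent's image.
            if image.endswith("\\cmd.exe") and parent and parent in cmd.lower() \
                    and re.search(r"\bdel\b", cmd, re.I):
                hits.append(("Deletes itself", None, parent))
        elif eid == 22:
            c2 = match_c2(ev["QueryName"])
            if c2:
                hits.append(("Tofsee C2 domain (extracted config)", None,
                             f'{ev["QueryName"]} -> {c2}'))
    return hits


# Constructed telemetry (hypothetical): the sample drops a service binary into
# System32, registers and starts it, disables the firewall, persists via a Run
# key, deletes itself and resolves the extracted C2 domains.
SAMPLE = r"C:\Users\user\Desktop\bfabf02b846c1cd0634fa1bf8a95e4aa.exe"
DROPPED = r"C:\Windows\System32\svchelper.exe"
EVENTS = [
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 13, "Image": SAMPLE, "Details": DROPPED,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\svchelper\ImagePath"},
    {"EventID": 7045, "ServiceName": "svchelper", "ImagePath": DROPPED},
    {"EventID": 1, "Image": DROPPED, "CommandLine": DROPPED,
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe", "ParentImage": DROPPED,
     "CommandLine": "netsh advfirewall set allprofiles state off"},
    {"EventID": 13, "Image": DROPPED, "Details": DROPPED,
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svchelper"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": SAMPLE,
     "CommandLine": 'cmd /c del "' + SAMPLE + '"'},
    {"EventID": 22, "Image": DROPPED, "QueryName": "vanaheim.cn"},
    {"EventID": 22, "Image": DROPPED, "QueryName": "mail.jotunheim.name"},
    {"EventID": 22, "Image": r"C:\Windows\System32\svchost.exe", "QueryName": "notjotunheim.name"},
]

if __name__ == "__main__":
    for sig, tid, evidence in detect(EVENTS):
        print(f"{sig:40s} {tid or '-':10s} {evidence}")
```

Two design points carry over to real telemetry: the DNS match is dot-anchored so a lookalike such as notjotunheim.name is not flagged, and "Executes dropped EXE" is stateful (a file-create event must precede the process-create for the same path), which is the same ordering the sandbox relies on. The geofence lookup in the report is a registry read and will not appear in Sysmon registry events; it needs ETW registry tracing or an EDR that records queries.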