General

Target: JaffaCakes118_553ce75a13c88ab7422641d393c472170ff4368e79eaa1715ab7611bc3ef508d
Size: 158KB
Sample: 241224-xdnneatnhx
MD5: 7cedde86e6bd1a06c443cada40905aa9
SHA1: 4577f0b655f3ba1c19ccba4192e6e5fce180fc30
SHA256: 553ce75a13c88ab7422641d393c472170ff4368e79eaa1715ab7611bc3ef508d
SHA512: 94a3fe5ec3d1c452a29533751ce02f627262e57cb8e847f2ee8737884812d546c2c479bd4d5b6cf025135eb4a610f9a7642272e34ccc5151038087871b9b7693
SSDEEP: 3072:n6hHIc3hRprDrShR1Wrb0ykBIm9w0e7hwiXJlx+It4RQcS3Xdif940noDcG:6thR1iR1WrbEe7yiXVxt4RQFHEfJ2
Static task
static1

Behavioral task
behavioral1
Sample: 02b4c3dcc4673e8e5b5209e2cbad26584be30b40b082d0bf906ae4d60e9487a2.exe
Resource: win7-20240903-en

Behavioral task
behavioral2
Sample: 02b4c3dcc4673e8e5b5209e2cbad26584be30b40b082d0bf906ae4d60e9487a2.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: tofsee
C2: svartalfheim.top, jotunheim.name
Targets

Target: 02b4c3dcc4673e8e5b5209e2cbad26584be30b40b082d0bf906ae4d60e9487a2
Size: 260KB
MD5: ef7e4a69cb1f773ee7b5ac597f06418a
SHA1: 7c09ac3d21a7e7866f8a74c6e39f496a75e005ee
SHA256: 02b4c3dcc4673e8e5b5209e2cbad26584be30b40b082d0bf906ae4d60e9487a2
SHA512: bec3b85d3bfa56ab5b1427d870f81bbca45a3bb301c524eca29960185832a3664d449e8d4d320926139d3ec97f425b13e6fbd3b62adcf09987ad82c40f80a7a7
SSDEEP: 3072:LuJFB8IkKLXHxuvz5q3jzQctU7cw0e7hwiXJl8T4DKFbJOxjw0L9l5M/h3:+FBFTLXx9zQctze7yiX4kMOxjw0xT
Signatures
- Tofsee family
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
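The signature list above is the sandbox's behavioural verdict for this sample. As an added example (not part of the report and not any sandbox's own code), the following Python maps an API-level behaviour trace back to those signature names and to the extracted C2 domains. The trace format, the assumed sample path, the service name, PID and file paths are constructed for the example; the registry locations are the standard Windows keys for services, NetSh helper DLLs, firewall policy, the Run keys and the GeoID/locale settings, not values recovered from this run.

```python
import re

# Assumed path of the submitted sample inside the sandbox (not from the report).
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"

# C2 domains from the extracted Tofsee config on this page.
TOFSEE_C2 = {"svartalfheim.top", "jotunheim.name"}

# Standard Windows registry locations behind each signature.
RE_SERVICE_IMAGEPATH = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.I)
RE_NETSH_HELPER = re.compile(r"\\Microsoft\\NetSh\\", re.I)
RE_FIREWALL_POLICY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
RE_GEO = re.compile(r"\\Control Panel\\International\\(Geo\\Nation|Locale|sCountry)$", re.I)
RE_RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
RE_NETSH_FW_CMD = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.I)
RE_SC_CREATE = re.compile(r"\bsc(\.exe)?\b\s+create\b", re.I)


def hunt(trace, sample_path=SAMPLE_PATH):
    """Return the set of report signature names matched by a trace.

    A trace is a list of tuples (kind, *args). Kinds used here (constructed
    schema, not a real sandbox's export format):
      ("reg_read", key)             ("reg_write", key, data)
      ("service_create", name)      ("proc_create", image, command_line)
      ("file_write", path)          ("file_delete", path)
      ("set_thread_context", pid)   ("dns", hostname)
    """
    hits = set()
    dropped = set()  # lower-cased paths of .exe files the sample wrote
    for kind, *args in trace:
        if kind == "reg_read" and RE_GEO.search(args[0]):
            hits.add("Checks computer location settings")
        elif kind == "reg_write":
            key = args[0]
            if RE_SERVICE_IMAGEPATH.search(key):
                hits.add("Sets service image path in registry")
            elif RE_NETSH_HELPER.search(key):
                hits.add("Netsh Helper DLL")
            elif RE_FIREWALL_POLICY.search(key):
                hits.add("Modifies Windows Firewall")
            elif RE_RUN_KEY.search(key):
                hits.add("Registry Run Keys / Startup Folder")
        elif kind == "service_create":
            hits.add("Creates new service(s)")
        elif kind == "proc_create":
            image, cmdline = args
            if RE_NETSH_FW_CMD.search(cmdline):
                hits.add("Modifies Windows Firewall")
            if RE_SC_CREATE.search(cmdline):
                hits.add("Creates new service(s)")
            if image.lower() in dropped:  # only a file the sample itself wrote
                hits.add("Executes dropped EXE")
        elif kind == "file_write" and args[0].lower().endswith(".exe"):
            dropped.add(args[0].lower())
        elif kind == "file_delete" and args[0].lower() == sample_path.lower():
            hits.add("Deletes itself")
        elif kind == "set_thread_context":
            hits.add("Suspicious use of SetThreadContext")
        elif kind == "dns" and args[0].lower().rstrip(".") in TOFSEE_C2:
            hits.add("Tofsee C2 domain")
    return hits


# Signatures that carry weight on their own. The threshold below is an
# illustrative rule for this example, not the sandbox's scoring.
STRONG = {"Creates new service(s)", "Sets service image path in registry",
          "Modifies Windows Firewall", "Suspicious use of SetThreadContext",
          "Executes dropped EXE", "Deletes itself"}


def tofsee_verdict(hits):
    return "Tofsee C2 domain" in hits or len(hits & STRONG) >= 4


# Constructed trace in the order the page's signatures suggest; every path,
# the service name and the PID are invented for the example.
CONSTRUCTED_TRACE = [
    ("reg_read", r"HKCU\Control Panel\International\Geo\Nation"),
    ("file_write", r"C:\Windows\Temp\dropped.exe"),
    ("service_create", "exampleSvc"),
    ("reg_write", r"HKLM\SYSTEM\CurrentControlSet\Services\exampleSvc\ImagePath",
     r"C:\Windows\Temp\dropped.exe"),
    ("proc_create", r"C:\Windows\Temp\dropped.exe", r"C:\Windows\Temp\dropped.exe"),
    ("proc_create", r"C:\Windows\System32\netsh.exe",
     'netsh advfirewall firewall add rule name="exampleSvc" dir=in action=allow '
     r'program="C:\Windows\Temp\dropped.exe"'),
    ("reg_write", r"HKLM\SOFTWARE\Microsoft\NetSh\exampleHelper", r"C:\Windows\Temp\helper.dll"),
    ("set_thread_context", 4242),
    ("dns", "svartalfheim.top"),
    ("file_delete", SAMPLE_PATH),
]

# A locale lookup alone is common in benign software and is not a verdict.
BENIGN_TRACE = [
    ("reg_read", r"HKCU\Control Panel\International\Locale"),
    ("dns", "example.com"),
]

if __name__ == "__main__":
    for name, trace in (("tofsee-like", CONSTRUCTED_TRACE), ("benign", BENIGN_TRACE)):
        hits = hunt(trace)
        print(f"{name}: verdict={tofsee_verdict(hits)}")
        for h in sorted(hits):
            print("  -", h)
```

Two points the example makes that the bare signature list does not: "Checks computer location settings" fires on any GeoID or locale read, which plenty of legitimate software does, so on its own it is weak evidence and the report's "likely geofence" wording is appropriately hedged; and "Executes dropped EXE" only counts when the executed image was written by the sample earlier in the same trace, which is what separates a dropper from a program that merely launches something already on disk.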
MITRE ATT&CK Enterprise v15
(numbers in parentheses are the count of signatures mapped to each technique)

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Defense Evasion
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)