General

Target: 015e6a91fc2397216cdf2e0c0e7e4132
Size: 198KB
Sample: 220529-tx3pwsffh2
MD5: 015e6a91fc2397216cdf2e0c0e7e4132
SHA1: 5f3a2877d37c6b0f392e42ac646af7afa0e45bcf
SHA256: 29aecf60d2b78688a409dd254eba6414e13fded9ebca1ac8beb624e252ae2f0c
SHA512: d89c0bfc28f2ba1e697cf25e73c3196b8300be3f6b01355136fac523160671df1e84935f0b80d16db015b864a3d9d0aca2a13bf55071581a73202437d557e000
Static task: static1
Behavioral task: behavioral1
Sample: 015e6a91fc2397216cdf2e0c0e7e4132.exe
Resource: win7-20220414-en

Malware Config

Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets

Target: 015e6a91fc2397216cdf2e0c0e7e4132
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
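The signature list above is what the sandbox observed; the natural follow-up for a SOC is to turn the same behaviours and the extracted indicators into host-side hunting logic. The Python below is an added example, not code from the sandbox vendor or from the report: it runs a small set of Sysmon-style events (constructed here, with invented file and service names) through checks for the hash and C2 indicators and for the service-ImagePath write, firewall change, System32 drop, self-deletion and Geo\Nation lookup behaviours. The registry paths are standard Windows locations assumed for the example; the report names the behaviours but not the exact keys the sample touched. The country-code read uses a `RegQueryValue` field shape that Sysmon does not produce (Sysmon logs registry writes, not reads), so that part assumes an EDR or ETW feed that records reads.

```python
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "015e6a91fc2397216cdf2e0c0e7e4132",
    "sha1": "5f3a2877d37c6b0f392e42ac646af7afa0e45bcf",
    "sha256": "29aecf60d2b78688a409dd254eba6414e13fded9ebca1ac8beb624e252ae2f0c",
}
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# Standard Windows locations assumed for the example; the report does not
# state which keys or paths the sample actually used.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)
FIREWALL_POLICY = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.I)


def match_event(ev, seen_images):
    """Return the signature names one event triggers (empty list if none).

    ev is a dict of Sysmon-style fields; seen_images is the set of Image paths
    already seen in process-create events, used to spot self-deletion."""
    hits = []
    eid = ev.get("EventID")
    image = ev.get("Image", "").lower()
    if eid == 1:  # process create
        seen_images.add(image)
        # Sysmon encodes hashes as "MD5=...,SHA256=..."; split into a dict.
        hashes = {k.lower(): v.lower() for k, v in
                  (p.split("=", 1) for p in ev.get("Hashes", "").split(",") if "=" in p)}
        if any(hashes.get(alg) == val for alg, val in SAMPLE_HASHES.items()):
            hits.append("Executes known sample (hash match)")
        if image.endswith("\\netsh.exe") and "firewall" in ev.get("CommandLine", "").lower():
            hits.append("Modifies Windows Firewall")
    elif eid == 11 and SYSTEM32.match(ev.get("TargetFilename", "")):  # file create
        hits.append("Drops file in System32 directory")
    elif eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        if SERVICE_IMAGEPATH.match(target):
            hits.append("Sets service image path in registry")
        elif FIREWALL_POLICY.match(target):
            hits.append("Modifies Windows Firewall")
    elif eid == 22 and ev.get("QueryName", "").lower() in C2_DOMAINS:  # DNS query
        hits.append("Resolves tofsee C2 domain")
    elif eid in (23, 26) and ev.get("TargetFilename", "").lower() in seen_images:  # file delete
        hits.append("Deletes itself")
    # Registry reads are not a Sysmon event type; this assumes an EDR/ETW feed
    # that records them with an "Operation" field (assumption for the example).
    if ev.get("Operation") == "RegQueryValue" and GEO_NATION.search(ev.get("TargetObject", "")):
        hits.append("Checks computer location settings")
    return hits


def scan(events):
    """Run every event through match_event; return (Image, signature) pairs in order."""
    seen = set()
    return [(ev.get("Image", ""), hit) for ev in events for hit in match_event(ev, seen)]


# Constructed events for this example; the service/file name kwgtqvdr is invented.
SAMPLE = r"C:\Users\user\Desktop\015e6a91fc2397216cdf2e0c0e7e4132.exe"
DROPPED = r"C:\Windows\System32\kwgtqvdr.exe"
EVENTS = [
    {"EventID": 1, "Image": SAMPLE,
     "Hashes": "MD5=015e6a91fc2397216cdf2e0c0e7e4132,"
               "SHA256=29aecf60d2b78688a409dd254eba6414e13fded9ebca1ac8beb624e252ae2f0c"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\kwgtqvdr\ImagePath"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="svc" dir=in action=allow program="' + DROPPED + '"'},
    {"EventID": 22, "Image": DROPPED, "QueryName": "svartalfheim.top"},
    {"Operation": "RegQueryValue", "Image": DROPPED,
     "TargetObject": r"HKCU\Control Panel\International\Geo\Nation"},
    {"EventID": 23, "Image": r"C:\Windows\System32\cmd.exe", "TargetFilename": SAMPLE},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Example\Setting"},  # benign, should not match
]

if __name__ == "__main__":
    for image, hit in scan(EVENTS):
        print(f"{hit:40} {image}")
```

Two of the report's signatures are deliberately not modelled: "Suspicious use of SetThreadContext" is an API-level observation that needs a hooking or ETW-based sensor rather than Sysmon events, and "XMRig Miner Payload" is a memory/static match on the dropped payload rather than a behaviour. The firewall check fires on either a `netsh` command line or a direct write under the FirewallPolicy key, since either route produces the same outcome on the host.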