General
-
Target
97264c9b950e01fa289fce0a844921dc7dc12c0a774df5c87e9bf3749138a666
-
Size
177KB
-
Sample
220603-21k81sgce5
-
MD5
8697adc186d13bdc00ebd851bcbf53f9
-
SHA1
dfdd5d94e9031e36af868fd5629096432bda8f65
-
SHA256
97264c9b950e01fa289fce0a844921dc7dc12c0a774df5c87e9bf3749138a666
-
SHA512
62ee582785251495286000c4e1f43a31011cec232a9e91c23a6fb7e68d0914016f99da2db2de108b8c55ce62fb3ecb6f5efa27768b9960b39b22b8c5714a974f
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
Target
97264c9b950e01fa289fce0a844921dc7dc12c0a774df5c87e9bf3749138a666
-
Size
177KB
-
MD5
8697adc186d13bdc00ebd851bcbf53f9
-
SHA1
dfdd5d94e9031e36af868fd5629096432bda8f65
-
SHA256
97264c9b950e01fa289fce0a844921dc7dc12c0a774df5c87e9bf3749138a666
-
SHA512
62ee582785251495286000c4e1f43a31011cec232a9e91c23a6fb7e68d0914016f99da2db2de108b8c55ce62fb3ecb6f5efa27768b9960b39b22b8c5714a974f
-
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
XMRig Miner Payload
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-