General
- Target: 3485f9f294dfb5f50f6d5779fd0cc287de203e80b76d6644c56686564311c987
- Size: 196KB
- Sample: 220603-2kfzcsfdh4
- MD5: a484b46188845a656da46b66f94fef60
- SHA1: 74fbdae3970bbf8612ff1ce7f4c43ef7d60b6b20
- SHA256: 3485f9f294dfb5f50f6d5779fd0cc287de203e80b76d6644c56686564311c987
- SHA512: 9e45a7721119990f7cc8adc0b99ef0709cf6c8a6a79f49a3982dcfe4003699f5e50609407c4511bc0091dfb7584abcee216854135ddcfd9454915459eaaeb2e9
Static task: static1
Malware Config
- Extracted family: tofsee
- C2 domains: svartalfheim.top, jotunheim.name
Targets
- Target: 3485f9f294dfb5f50f6d5779fd0cc287de203e80b76d6644c56686564311c987
- XMRig Miner Payload: an XMRig (Monero) cryptominer was identified among the sample's payloads
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry: writes the ImagePath value of a service under HKLM\SYSTEM\CurrentControlSet\Services
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Drops file in System32 directory
- Suspicious use of SetThreadContext: a common step in process hollowing and other thread-hijacking injection
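How a practitioner would consume the indicators in this report, as an added example that is not part of the sandbox output: a small Python triage script that matches the report's file hashes and Tofsee C2 domains, plus the service ImagePath write behind the "Sets service image path in registry" signature, against Sysmon-style log lines. The log lines, the process paths and the service name `sample_svc` in them are constructed for the example and are not artifacts of this sample; the field names follow Sysmon event IDs 1 (process create), 13 (registry value set) and 22 (DNS query), flattened to one `key=value` line each for the sake of the example.

```python
import re

# Indicators copied from the sandbox report above (sample 220603-2kfzcsfdh4).
IOC_HASHES = {
    "md5": "a484b46188845a656da46b66f94fef60",
    "sha1": "74fbdae3970bbf8612ff1ce7f4c43ef7d60b6b20",
    "sha256": "3485f9f294dfb5f50f6d5779fd0cc287de203e80b76d6644c56686564311c987",
}
IOC_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# Constructed sample events (not from the report): a simplified one-line
# key=value rendering of Sysmon event 1 (process create, with Hashes),
# event 22 (DNS query) and event 13 (registry value set). The paths and the
# service name "sample_svc" are placeholders, not artifacts of the sample.
SAMPLE_LOGS = [
    r"EventID=1 Image=C:\Users\bob\Downloads\setup.exe Hashes=MD5=A484B46188845A656DA46B66F94FEF60,SHA256=3485F9F294DFB5F50F6D5779FD0CC287DE203E80B76D6644C56686564311C987",
    r"EventID=22 Image=C:\Windows\System32\svchost.exe QueryName=update.microsoft.com",
    r"EventID=22 Image=C:\Windows\System32\sample_svc.exe QueryName=Svartalfheim.top",
    r"EventID=22 Image=C:\Windows\System32\sample_svc.exe QueryName=mail.jotunheim.name",
    r"EventID=13 Image=C:\Windows\System32\services.exe TargetObject=HKLM\System\CurrentControlSet\Services\sample_svc\ImagePath Details=C:\Windows\System32\sample_svc.exe",
    r"EventID=13 Image=C:\Windows\System32\services.exe TargetObject=HKLM\System\CurrentControlSet\Services\Spooler\Start Details=DWORD (0x00000002)",
]

# "key=value" pairs; a value runs until the next " key=" so it may contain
# spaces, '=' and commas (the Sysmon Hashes field is "MD5=..,SHA256=..").
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
# The ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
IMAGEPATH_RE = re.compile(r"\\services\\([^\\]+)\\imagepath$", re.IGNORECASE)


def parse_event(line):
    """Return the event's fields as a dict."""
    return {m.group(1): m.group(2) for m in FIELD_RE.finditer(line)}


def domain_matches(qname):
    """True for an IOC domain or any subdomain of it, case-insensitively."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in IOC_DOMAINS)


def matching_hashes(hashes_field):
    """Algorithms whose value in a Sysmon Hashes field equals the sample's."""
    seen = {}
    for part in hashes_field.split(","):
        algo, _, value = part.partition("=")
        seen[algo.strip().lower()] = value.strip().lower()
    return sorted(a for a, v in IOC_HASHES.items() if seen.get(a) == v)


def scan(lines):
    """Return (rule, subject, detail) findings for a list of event lines."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "1" and "Hashes" in ev:
            hit = matching_hashes(ev["Hashes"])
            if hit:
                findings.append(("known_sample_hash", ev.get("Image", "?"), ",".join(hit)))
        elif eid == "22" and domain_matches(ev.get("QueryName", "")):
            findings.append(("tofsee_c2_dns", ev.get("Image", "?"), ev["QueryName"]))
        elif eid == "13":
            m = IMAGEPATH_RE.search(ev.get("TargetObject", ""))
            if m:
                findings.append(("service_imagepath_set", m.group(1), ev.get("Details", "?")))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in scan(SAMPLE_LOGS):
        print(f"{rule:<22} {subject}  ->  {detail}")
```

Domain matching is done case-insensitively and on subdomains too, since C2 lookups rarely arrive in canonical form. The ImagePath rule on its own is only a lead, because legitimate installers also set it; it becomes interesting when the path it points at coincides with the "Drops file in System32 directory" behaviour or the same process later triggers a hash or DNS hit, as in the constructed sample.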