General
- Target: ebe93e813896e3ca6c9962e493791444bc1f504068190cda5a97a8e987fa0ac1
- Size: 196KB
- Sample: 220603-3sfh8sdhbj
- MD5: 267f042d308639a5273e43990d161c20
- SHA1: 6373342a1c92e093a84e52dad2b39009cec3d4aa
- SHA256: ebe93e813896e3ca6c9962e493791444bc1f504068190cda5a97a8e987fa0ac1
- SHA512: dcf1d920a4686e90745cb3da578f4a54ed4fe5af3c2c4af6099a5af94c4283dff59e6eaa02263a02f67f38c0a2a502375ca48437ee220b20c444e63dd2d762c1
Static task: static1

Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: ebe93e813896e3ca6c9962e493791444bc1f504068190cda5a97a8e987fa0ac1 (same sample as listed under General)
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext