General
Target: 84c8c34d9ac8526b317a7447c3abfe046869c435658b25ec12b621010fc34439
Size: 198KB
Sample: 220604-184jwsafbq
MD5: 06126325bcc7401f82f6657995d5812c
SHA1: 241ece19612504488c7daf2a1b5456afdec6ec69
SHA256: 84c8c34d9ac8526b317a7447c3abfe046869c435658b25ec12b621010fc34439
SHA512: 531bd8ae0249b9003fc38690ed370d07f0be182c1f1004ee5674502a4cedfd7f8cef9f7db73ee0d9a3bada8bbae4c9663fbc2ba9f8c7dc4e50e311a37f85adce
Static task: static1
Malware Config
Extracted family: tofsee
Extracted domains:
svartalfheim.top
jotunheim.name
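The two domains in the extracted Tofsee config are the indicators an analyst would push to detection first. The following is an added example, not part of the sandbox report: it matches resolver log lines against those domains (exact or subdomain match, case- and trailing-dot-insensitive, so that a look-alike such as notsvartalfheim.top does not match) and checks whether a file on hand is the reported sample by its MD5 and SHA256. The DNS log lines and their "timestamp client qtype name" layout are constructed for the example; the hashes and domains are taken from the report above.

```python
import hashlib
import re
from typing import List, Optional, Set, Tuple

# Indicators copied from the sandbox report.
SAMPLE_SHA256 = "84c8c34d9ac8526b317a7447c3abfe046869c435658b25ec12b621010fc34439"
SAMPLE_MD5 = "06126325bcc7401f82f6657995d5812c"
C2_DOMAINS: Set[str] = {"svartalfheim.top", "jotunheim.name"}

# Constructed resolver log (not from the report). Assumed layout:
# "<timestamp> <client> <qtype> <qname>" per line.
SAMPLE_DNS_LOG = """\
2022-06-04T18:41:02Z 10.0.0.15 A svartalfheim.top
2022-06-04T18:41:03Z 10.0.0.15 A mail.jotunheim.name
2022-06-04T18:41:05Z 10.0.0.22 A www.example.com
2022-06-04T18:41:07Z 10.0.0.15 AAAA notsvartalfheim.top
2022-06-04T18:41:09Z 10.0.0.31 A JOTUNHEIM.NAME.
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)\s*$")


def normalize(name: str) -> str:
    """Lower-case a DNS name and strip the trailing root dot."""
    return name.rstrip(".").lower()


def matches_c2(qname: str, c2: Set[str] = C2_DOMAINS) -> Optional[str]:
    """Return the indicator domain that qname equals or is a subdomain of, else None.

    The leading dot in the suffix test prevents look-alikes such as
    notsvartalfheim.top from matching svartalfheim.top.
    """
    q = normalize(qname)
    for dom in c2:
        d = normalize(dom)
        if q == d or q.endswith("." + d):
            return d
    return None


def scan_dns_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, matched_domain) for every lookup hitting an indicator."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines
        hit = matches_c2(m["qname"])
        if hit:
            hits.append((m["ts"], m["client"], hit))
    return hits


def is_reported_sample(data: bytes) -> bool:
    """True only if the bytes hash to both the MD5 and SHA256 listed in the report."""
    return (hashlib.sha256(data).hexdigest() == SAMPLE_SHA256
            and hashlib.md5(data).hexdigest() == SAMPLE_MD5)


if __name__ == "__main__":
    for ts, client, dom in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {client} -> {dom}")
    with open(__file__, "rb") as fh:
        print("this file is the reported sample:", is_reported_sample(fh.read()))
```

Hosts that resolve either domain are candidates for the rest of the behaviour listed under Targets (service creation, firewall changes, a miner payload), so the client addresses returned by scan_dns_log are the pivot for host-side triage.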
Targets
Target: 84c8c34d9ac8526b317a7447c3abfe046869c435658b25ec12b621010fc34439
Size: 198KB
MD5: 06126325bcc7401f82f6657995d5812c
SHA1: 241ece19612504488c7daf2a1b5456afdec6ec69
SHA256: 84c8c34d9ac8526b317a7447c3abfe046869c435658b25ec12b621010fc34439
SHA512: 531bd8ae0249b9003fc38690ed370d07f0be182c1f1004ee5674502a4cedfd7f8cef9f7db73ee0d9a3bada8bbae4c9663fbc2ba9f8c7dc4e50e311a37f85adce
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext