General
- Target: a005a2ab607819251daed1eb736c0e83989bff4f92ea2a9b79e012cfad784baa
- Size: 197KB
- Sample: 220604-3kx4baahhr
- MD5: f7c4fad9f2e19285fa11fbe4ee0bf974
- SHA1: 4909cdd90cee25fc84102df509ea8ff9fdb377fd
- SHA256: a005a2ab607819251daed1eb736c0e83989bff4f92ea2a9b79e012cfad784baa
- SHA512: c8a4c69e5f3d16d1b5bd99720ce0fdc3274d7aac5e287b3df011da49845f2b1aa9935c04826c1515207ccda71921d65beccfa0081a54b07ba765e2968fcc36b2
Static task
- static1
Malware Config
Extracted
- Family: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: a005a2ab607819251daed1eb736c0e83989bff4f92ea2a9b79e012cfad784baa
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext