General
- Target: 418391b0fe4f1c20321c889e124fb17f04affb4103cc30e67282798edb55ebec
- Size: 177KB
- Sample: 220604-c1fabsebh3
- MD5: 49194bcbe76dd6886738bc34a5af5415
- SHA1: a40f0e8c5a7fcff632b3b408543fb29f05e8a7f1
- SHA256: 418391b0fe4f1c20321c889e124fb17f04affb4103cc30e67282798edb55ebec
- SHA512: a5a5f8e9cbff10762a62522edc7b61e29fad72421b1dacbd49d7e0cdd2264e815f046afc19d06356cf5c9ec4d7704447501c105d6c75cd3b9ad0012b0c37855d
Static task
- static1

Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- Target: 418391b0fe4f1c20321c889e124fb17f04affb4103cc30e67282798edb55ebec (177KB; same MD5/SHA1/SHA256/SHA512 as listed under General)
- XMRig Miner Payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext