General
- Target: 373ae2c99ce966edb79fc677a42640b6356ecbbf7cf8e02e8b6290f305e5d011
- Size: 196KB
- Sample: 220604-cydcysabbj
- MD5: b7c45763c069df96f6351ebc8935351e
- SHA1: a64d00abbc12d0178662465a8092d7ba2b88b369
- SHA256: 373ae2c99ce966edb79fc677a42640b6356ecbbf7cf8e02e8b6290f305e5d011
- SHA512: eec1d6d256554b85f8c1d1187c608d628d9caf4c827349f24f3b37f7c49bc58bbdaf7ac4e6847e6ca0393b643e74c1870e6c3313dbf774298a926d6612de1604
Static task
- static1

Malware Config
Extracted
- tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext