General
Target: 5e3d15bd0acac86c98b4606e40149922d32c611161ba9b337e33e68d3b725831
Size: 196KB
Sample: 220604-hrdysscac6
MD5: 5b2a606e780ef398a7b3d047db5589d0
SHA1: 669dca601722deab8f639c1a24232e6749b010fb
SHA256: 5e3d15bd0acac86c98b4606e40149922d32c611161ba9b337e33e68d3b725831
SHA512: 531058f12e8a52201f942b49ae7555d16a60f9fcae27e54111bda8e89b73d7072f436d81674ead810926bb673155eab1c9de782e5d9d01fa0b69ebeb8bc3295f
Static task: static1
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 5e3d15bd0acac86c98b4606e40149922d32c611161ba9b337e33e68d3b725831 (196KB)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext