General
- Target: 845a46359f70ee6239449687ff17a631a2ed3da455ff41cd7eafa288b19ecccd
- Size: 196KB
- Sample: 220604-jy4y8sadfk
- MD5: 5744b2adddfd9ef7d143291a8f78e555
- SHA1: 8608a8b0a759973079634bae41baa74b1228fdac
- SHA256: 845a46359f70ee6239449687ff17a631a2ed3da455ff41cd7eafa288b19ecccd
- SHA512: d1be4b93b1701870f2b3141aba5ffdc06c39b62419136433daaa06bffea98d8a864c8222f26e7bc1b6c30769ca5460b6947d35ff180d4ad86bf01593246b4655
Static task: static1
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext