General
-
Target
fc7bed6a4223ff0dc9a3747deedd5f27185494705181f58d750767b405607b98
-
Size
177KB
-
Sample
220604-kewzysbdan
-
MD5
1eadea085d45526a7084ce29d71c0630
-
SHA1
83697f995d7b4e5d1fdd5f6a5140075d77df9327
-
SHA256
fc7bed6a4223ff0dc9a3747deedd5f27185494705181f58d750767b405607b98
-
SHA512
d0e7f96819b195919c99dbd1913da222818ee3f090b2d1e43972dea0cd8992a8aa4873cf82aa432c8580515cbda64bc8e457385b49809841881c874480aeeb3b
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
fc7bed6a4223ff0dc9a3747deedd5f27185494705181f58d750767b405607b98
-
Size
177KB
-
MD5
1eadea085d45526a7084ce29d71c0630
-
SHA1
83697f995d7b4e5d1fdd5f6a5140075d77df9327
-
SHA256
fc7bed6a4223ff0dc9a3747deedd5f27185494705181f58d750767b405607b98
-
SHA512
d0e7f96819b195919c99dbd1913da222818ee3f090b2d1e43972dea0cd8992a8aa4873cf82aa432c8580515cbda64bc8e457385b49809841881c874480aeeb3b
-
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
XMRig Miner Payload
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-