General
Target: 9fbb87109b68ca1138e41cc105788f632d97f79fd5cb654bb2a732e2a302a366
Size: 199KB
Sample: 220604-lcgmxsdcdl
MD5: b7771c4767ba828d54b2abf4d3e3b7a6
SHA1: fc71ab978e08bd9bf9f3ee29b0cfc7eccb2795ac
SHA256: 9fbb87109b68ca1138e41cc105788f632d97f79fd5cb654bb2a732e2a302a366
SHA512: 3b6d28d2ecbcab4fb0cbdabc1dd14886d29a0d08e4bbb582eb53191d1a0c3ab9a3886d1a02b82216205bfa096c21e5091069d3cafa1fdd81b1268413a0010d3c
Static task: static1
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 9fbb87109b68ca1138e41cc105788f632d97f79fd5cb654bb2a732e2a302a366
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext