General
-
Target
1299da7bd846030ce6310b1bb2b3f7d34e297fbff08b5888532b9defb221bd14
-
Size
180KB
-
Sample
220604-mkyf3sbgd2
-
MD5
23456d51bba1cf148ae1f7e9ffcd4ec3
-
SHA1
9dc4abccb1b3892c2e2c824072b07659771c1fd2
-
SHA256
1299da7bd846030ce6310b1bb2b3f7d34e297fbff08b5888532b9defb221bd14
-
SHA512
666cb991137ce2c18220efbbe18767e174a3694ff1712de4d00cf147cb90fbdfce4b03444f10d359d695a457408615dcc09cd7cc812672b30ea86b54f6461d38
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
1299da7bd846030ce6310b1bb2b3f7d34e297fbff08b5888532b9defb221bd14
-
Size
180KB
-
MD5
23456d51bba1cf148ae1f7e9ffcd4ec3
-
SHA1
9dc4abccb1b3892c2e2c824072b07659771c1fd2
-
SHA256
1299da7bd846030ce6310b1bb2b3f7d34e297fbff08b5888532b9defb221bd14
-
SHA512
666cb991137ce2c18220efbbe18767e174a3694ff1712de4d00cf147cb90fbdfce4b03444f10d359d695a457408615dcc09cd7cc812672b30ea86b54f6461d38
-
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
XMRig Miner Payload
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-