General
-
Target
0bd45444e6844355a7792eeedd413e352092e14a76c97b4bfb775377f90227f5
-
Size
180KB
-
Sample
220604-tfza5seah4
-
MD5
d43fbaf581ad40924fc3f931a84c9bf0
-
SHA1
60d3e8efa40d45c865b46180ad9105fbe052230d
-
SHA256
0bd45444e6844355a7792eeedd413e352092e14a76c97b4bfb775377f90227f5
-
SHA512
23f7f0c738c60dab1a3996ecec708ec798f88a9cd91f6d65f0358fcae7ecbaa4c072905ae18b745de232a0bcf799c548723ce3597e6babd7d5b851a964db5acf
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
Target
0bd45444e6844355a7792eeedd413e352092e14a76c97b4bfb775377f90227f5
-
Size
180KB
-
MD5
d43fbaf581ad40924fc3f931a84c9bf0
-
SHA1
60d3e8efa40d45c865b46180ad9105fbe052230d
-
SHA256
0bd45444e6844355a7792eeedd413e352092e14a76c97b4bfb775377f90227f5
-
SHA512
23f7f0c738c60dab1a3996ecec708ec798f88a9cd91f6d65f0358fcae7ecbaa4c072905ae18b745de232a0bcf799c548723ce3597e6babd7d5b851a964db5acf
-
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
XMRig Miner Payload
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext