General
- Target: af1f0e613af0ddbe868587f666e84eb28732062c2ee32744d7a801f3b223c26a
- Size: 200KB
- Sample: 220604-y5bzcsdhc8
- MD5: cc8229fba3e64720105b147bc8a05def
- SHA1: 0ec0f40b062b6e8cd56a3863441b9701826c08c5
- SHA256: af1f0e613af0ddbe868587f666e84eb28732062c2ee32744d7a801f3b223c26a
- SHA512: 6d8c9c5d0d029fbdc028626d717b9f7b707a7c52b41f57cc372dc2204ff8e009c2ba5826b419e50b6267bd636d646ac66da0be58c61c347d92571701ac31937a
Static task
- static1
Malware Config
Extracted
- tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: af1f0e613af0ddbe868587f666e84eb28732062c2ee32744d7a801f3b223c26a
- Size: 200KB
- MD5: cc8229fba3e64720105b147bc8a05def
- SHA1: 0ec0f40b062b6e8cd56a3863441b9701826c08c5
- SHA256: af1f0e613af0ddbe868587f666e84eb28732062c2ee32744d7a801f3b223c26a
- SHA512: 6d8c9c5d0d029fbdc028626d717b9f7b707a7c52b41f57cc372dc2204ff8e009c2ba5826b419e50b6267bd636d646ac66da0be58c61c347d92571701ac31937a
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext