General

Target: 12c020a71de01f1a8251fca4ac54e2bcb32e18a13d35dc12bde417c746337738
Size: 197KB
Sample: 220604-z78lsaacdk
MD5: a1f56bfecb723eaaf37e244883fd9894
SHA1: b747dd70ebbd7eac0142a6b268fd1231fff36b21
SHA256: 12c020a71de01f1a8251fca4ac54e2bcb32e18a13d35dc12bde417c746337738
SHA512: 092b4c7ce6aec0303a04e63889cfd6ec17b98a4e18aeec893316ef7cf13a8a7b4bfa90384ce2a4c52dbaf1a4080366cfeb863f459bec876aa405d9201c234f83
Static task: static1

Malware Config

Extracted
Family: tofsee
C2: svartalfheim.top
C2: jotunheim.name
Targets

Target: 12c020a71de01f1a8251fca4ac54e2bcb32e18a13d35dc12bde417c746337738 (197KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
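The signatures above describe behaviours a defender can turn into host detections. What follows is an added example, not part of the sandbox report and not code from the Tofsee or XMRig samples: a small Python rule set run over constructed, Sysmon-like event records that mirror the listed behaviours (file drop into System32, service ImagePath write, service start of the dropped binary, netsh firewall change, country-code lookup, DNS to the extracted C2). The service name pxlhrqs, the file paths, the netsh command line and the registry key HKCU\Control Panel\International\Geo\Nation (assumed to be the "country code configured in the registry" that the location-settings signature refers to) are assumptions for illustration; only the C2 domains are taken from the extracted config above.

```python
import re
from typing import Dict, List, Tuple

Event = Dict[str, str]

# C2 domains from the extracted Tofsee config in the report above.
TOFSEE_C2 = {"svartalfheim.top", "jotunheim.name"}

SYSTEM32 = "c:\\windows\\system32\\"
# Matches HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath (any hive prefix).
SERVICE_IMAGEPATH = re.compile(r"\\services\\[^\\]+\\imagepath$", re.IGNORECASE)
# Where Windows keeps the configured country (GeoID). Assumed here to be the
# location the "Checks computer location settings" signature refers to.
GEO_NATION_KEY = "hkcu\\control panel\\international\\geo\\nation"


def _norm(path: str) -> str:
    return path.lower()


def _is_system32(path: str) -> bool:
    return _norm(path).startswith(SYSTEM32)


def _is_trusted(image: str) -> bool:
    # Heuristic: binaries running from C:\Windows (TrustedInstaller, services.exe,
    # servicing) are allowed to write System32 and service keys; anything else is not.
    return _norm(image).startswith("c:\\windows\\")


def run_detections(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (rule_name, attributed_image) for every rule that fires.

    Events are processed in order so that "executes dropped EXE" can correlate a
    process start with an earlier file_create of the same path.
    """
    hits: List[Tuple[str, str]] = []
    dropped = set()  # paths written by any process, used for correlation
    for e in events:
        kind, image = e["type"], e["image"]
        if kind == "file_create":
            dropped.add(_norm(e["target"]))
            if _is_system32(e["target"]) and not _is_trusted(image):
                hits.append(("drops_file_in_system32", image))
        elif kind == "registry_set":
            if SERVICE_IMAGEPATH.search(e["key"]) and not _is_trusted(image):
                hits.append(("sets_service_image_path", image))
        elif kind == "registry_query":
            if _norm(e["key"]) == GEO_NATION_KEY:
                hits.append(("checks_computer_location", image))
        elif kind == "process_create":
            parent = e.get("parent", "")
            cmd = e.get("cmdline", "").lower()
            if _norm(image).endswith("\\netsh.exe") and "advfirewall" in cmd:
                # Attribute the firewall change to the process that spawned netsh.
                hits.append(("modifies_windows_firewall", parent))
            if _norm(image) in dropped:
                hits.append(("executes_dropped_exe", image))
                if _norm(parent).endswith("\\services.exe"):
                    # A freshly dropped binary started by the SCM: a new service.
                    hits.append(("creates_new_service", image))
        elif kind == "dns_query":
            if e["query"].lower().rstrip(".") in TOFSEE_C2:
                hits.append(("tofsee_c2_dns", image))
    return hits


# Constructed events (not real telemetry from the report), loosely modelled on
# Sysmon fields. The sample path, the service name "pxlhrqs" and the netsh
# command line are illustrative assumptions.
SAMPLE = "C:\\Users\\victim\\AppData\\Local\\Temp\\12c020a7.exe"
DROPPED = "C:\\Windows\\System32\\pxlhrqs.exe"
BROWSER = "C:\\Program Files\\Mozilla Firefox\\firefox.exe"
EVENTS: List[Event] = [
    # benign: a trusted Windows component writing into System32
    {"type": "file_create", "image": "C:\\Windows\\servicing\\TrustedInstaller.exe",
     "target": "C:\\Windows\\System32\\ntdll.dll"},
    {"type": "file_create", "image": SAMPLE, "target": DROPPED},
    {"type": "registry_set", "image": SAMPLE,
     "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\pxlhrqs\\ImagePath", "value": DROPPED},
    {"type": "process_create", "image": DROPPED,
     "parent": "C:\\Windows\\System32\\services.exe", "cmdline": DROPPED},
    {"type": "process_create", "image": "C:\\Windows\\System32\\netsh.exe", "parent": DROPPED,
     "cmdline": 'netsh advfirewall firewall add rule name="pxlhrqs" dir=in action=allow program="'
                + DROPPED + '"'},
    {"type": "registry_query", "image": DROPPED,
     "key": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "dns_query", "image": DROPPED, "query": "svartalfheim.top"},
    # benign: ordinary browser lookup, must not fire
    {"type": "dns_query", "image": BROWSER, "query": "example.com"},
]

if __name__ == "__main__":
    for rule, image in run_detections(EVENTS):
        print(f"{rule:28s} {image}")
```

The rules are deliberately attributed to the originating image rather than to netsh.exe or services.exe, so that a hunt query can pivot from the rule hit to the dropped binary and its parent. The C:\Windows trust heuristic is the weak point: anything that can already write under C:\Windows will be excluded, so in production the writer check should be tightened to signer or integrity-level checks rather than path alone.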