General
- Target: 7dc63527cec7b55e496323545391b2107bfdd3d17c36654bb77c15a1b3d99f4b
- Size: 310KB
- Sample: 220605-b9q8hsfdh5
- MD5: c1cfed7289ee988faef177e3ec37e5bf
- SHA1: 90888ddfc5af6ba4f1104303fadf047d0a88821a
- SHA256: 7dc63527cec7b55e496323545391b2107bfdd3d17c36654bb77c15a1b3d99f4b
- SHA512: e512dfdaa62ec1f8e4ed88789e162dfdd3762129a2e11222fb9d9ac973b9de3ed75a99b036c9d422c5a07c4bb8423aad2177b7c67ef6fcdee9801990b1956b80
Static task: static1

Malware Config
- Extracted family: tofsee
- Extracted domains: svartalfheim.top, jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext