General
Target: 12ec1fe952f14a4d6a903ae4a84a5c14.exe
Size: 279KB
Sample: 220605-j1421sddcp
MD5: 12ec1fe952f14a4d6a903ae4a84a5c14
SHA1: 99569066968f6b7eac617720a7a6722214fb6f94
SHA256: 1b27224ec9506f0880abbf3876463efcf18c0060bfd2cdd697c538c07882acb5
SHA512: 024ddf7a1a2b691684feb1f3e1d14ff684a8dd135a8a36e5ede4f31283342d5926c89f05d73c94329b40bf95ffef56f8d9bc9140b30233921a952b1630de448e
Static task: static1
Behavioral task: behavioral1
Sample: 12ec1fe952f14a4d6a903ae4a84a5c14.exe
Resource: win7-20220414-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: 12ec1fe952f14a4d6a903ae4a84a5c14.exe
Size: 279KB
MD5: 12ec1fe952f14a4d6a903ae4a84a5c14
SHA1: 99569066968f6b7eac617720a7a6722214fb6f94
SHA256: 1b27224ec9506f0880abbf3876463efcf18c0060bfd2cdd697c538c07882acb5
SHA512: 024ddf7a1a2b691684feb1f3e1d14ff684a8dd135a8a36e5ede4f31283342d5926c89f05d73c94329b40bf95ffef56f8d9bc9140b30233921a952b1630de448e
- XMRig Miner Payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext