General
- Target: c9ddabbc313900958eaa2d40d3b8ef607508f8ccf5f161d63e9a6215db477bd7
- Size: 310KB
- Sample: 220605-kd9vesdefk
- MD5: 5bb9ca5f1aabfca43406d29cbc8432f4
- SHA1: 70633d38eb78313112894bc201931807693e3619
- SHA256: c9ddabbc313900958eaa2d40d3b8ef607508f8ccf5f161d63e9a6215db477bd7
- SHA512: d8671c6b2aa45131228381a17b4e909fd14762b021dcacae69824da6d2eb65d2af0fdc2ad37976732ce595192a583de44c4b3559b6f50e894cd010ac15e00d77
Static task: static1
Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext