General

Target: af5c4e5401f3738f5151c04f0758e625cc7b57518256bfbc2fa68e70afa135ca
Size: 310KB
Sample: 220605-kdjm8shch9
MD5: b20cf306a1e5f6ada69f9ce5f7a7dd53
SHA1: 7a1b871db7d736b0f1cb8d17cadff1021d5118aa
SHA256: af5c4e5401f3738f5151c04f0758e625cc7b57518256bfbc2fa68e70afa135ca
SHA512: b96868eb140ec919fbb8220955a5b9b7bca2639831f450ba92c1c321c4d0c9ddb9b9fe13993fd95ad087de879dd14bd8ea77e01ea6d58692d95f43654b36e709

Static task: static1

Malware Config

Extracted family: tofsee
C2 domains (from the extracted config):
- svartalfheim.top
- jotunheim.name
Targets

Target: af5c4e5401f3738f5151c04f0758e625cc7b57518256bfbc2fa68e70afa135ca (310KB; the same file as in General, so its MD5, SHA1, SHA256 and SHA512 are the values listed there)
Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry (the ImagePath value under the service's key beneath HKLM\SYSTEM\CurrentControlSet\Services; together with the new service this is the persistence mechanism)
- Checks computer location settings: looks up the country code configured in the registry (Windows keeps it in the Nation value under HKCU\Control Panel\International\Geo), likely a geofence so the bot can skip or change behaviour in certain countries
- Drops file in System32 directory
- Suspicious use of SetThreadContext (a common sign of code injection into a suspended process, e.g. process hollowing)
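To make the indicators in this report actionable, here is an added example (not part of the sandbox report, and not the sandbox's own code) that parses constructed host telemetry lines and flags what the report describes: DNS lookups of the two Tofsee C2 domains, files whose hashes match the sample, registry writes to a service's ImagePath, reads of the Geo\Nation country-code value, and netsh firewall changes, then pivots the findings by process ID. The hashes and domains are the report's; everything else (the `type key=value` log format, the process IDs, the service and file names, the exact registry paths and command shapes the patterns expect) is assumed for illustration.

```python
import hashlib
import re

# Indicators copied from the report above (real values).
REPORT_HASHES = {
    "md5": "b20cf306a1e5f6ada69f9ce5f7a7dd53",
    "sha1": "7a1b871db7d736b0f1cb8d17cadff1021d5118aa",
    "sha256": "af5c4e5401f3738f5151c04f0758e625cc7b57518256bfbc2fa68e70afa135ca",
}
TOFSEE_C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# Behavioural patterns for the report's signatures (assumed registry/command shapes).
SERVICE_IMAGEPATH_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I
)
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
FIREWALL_CMD_RE = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.I)

# Constructed telemetry in a simplified "type key=value ..." line format.
# PIDs, service name and file names are made up; hashes and domains are the report's.
TELEMETRY = """\
dns pid=4120 query=svartalfheim.top
dns pid=4120 query=jotunheim.name
dns pid=812 query=update.example.org
registry pid=4120 op=query key="HKCU\\Control Panel\\International\\Geo\\Nation"
registry pid=4120 op=set key="HKLM\\SYSTEM\\CurrentControlSet\\Services\\examplesvc\\ImagePath" value="C:\\Windows\\System32\\examplesvc.exe"
process pid=5004 ppid=4120 cmd="netsh advfirewall firewall add rule name=examplesvc dir=in action=allow program=C:\\Windows\\System32\\examplesvc.exe"
file pid=812 sha256=0000000000000000000000000000000000000000000000000000000000000000
file pid=4120 sha256=af5c4e5401f3738f5151c04f0758e625cc7b57518256bfbc2fa68e70afa135ca
""".splitlines()


def parse_event(line):
    """Parse one telemetry line into a dict; quoted values may contain spaces."""
    kind, _, rest = line.strip().partition(" ")
    event = {"type": kind}
    for m in re.finditer(r'(\w+)=(?:"([^"]*)"|(\S+))', rest):
        event[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return event


def classify(event):
    """Return the report indicators an event matches (empty list if none)."""
    hits = []
    kind = event["type"]
    if kind == "dns":
        q = event.get("query", "").lower().rstrip(".")
        # Exact C2 domain or any subdomain of it.
        if q in TOFSEE_C2_DOMAINS or any(q.endswith("." + d) for d in TOFSEE_C2_DOMAINS):
            hits.append("tofsee_c2_dns")
    elif kind == "file":
        for algo, digest in REPORT_HASHES.items():
            if event.get(algo, "").lower() == digest:
                hits.append("sample_hash_" + algo)
    elif kind == "registry":
        key = event.get("key", "")
        if event.get("op") == "set" and SERVICE_IMAGEPATH_RE.search(key):
            hits.append("service_imagepath_set")
        if event.get("op") == "query" and GEO_NATION_RE.search(key):
            hits.append("geo_nation_lookup")
    elif kind == "process" and FIREWALL_CMD_RE.search(event.get("cmd", "")):
        hits.append("firewall_modified")
    return hits


def triage(lines):
    """Run every line through classify(); returns (tag, pid, line) triples."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        for tag in classify(ev):
            findings.append((tag, ev.get("pid"), line.strip()))
    return findings


def group_by_pid(findings):
    """Pivot findings by process so related behaviours cluster on one PID."""
    by_pid = {}
    for tag, pid, _ in findings:
        by_pid.setdefault(pid, set()).add(tag)
    return by_pid


def hashes_of(data):
    """MD5/SHA1/SHA256 of a byte string, for comparison with REPORT_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data):
    """True only if all three digests equal the report's values."""
    return hashes_of(data) == REPORT_HASHES


if __name__ == "__main__":
    findings = triage(TELEMETRY)
    for tag, pid, line in findings:
        print(f"[{tag}] pid={pid}: {line}")
    for pid, tags in sorted(group_by_pid(findings).items()):
        print(pid, sorted(tags))
```

Grouping by PID is the useful part: a single process that resolves a C2 domain, reads the Geo\Nation value and writes a service ImagePath is a much stronger signal than any one of those events alone, and the firewall change shows up on a child process (here the constructed netsh PID 5004, whose ppid points back at 4120). When adapting this to real telemetry (Sysmon, EDR exports), keep the hash comparison as the last step; the behavioural matches are what catch a recompiled sample with new hashes.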