General
Target: 33625a61049adc1d32e7478e65781d1d35909d033b6410f87727fc533bbb5ed8
Size: 265KB
Sample: 220605-qs14qaaga6
MD5: 7e1a83a5cb0b0534588cf783c0b3dd4e
SHA1: 9ded7ea8e1b71605ca83ef1e1083d9ec703d2dde
SHA256: 33625a61049adc1d32e7478e65781d1d35909d033b6410f87727fc533bbb5ed8
SHA512: 775c3f81d9494fddcce0ddd45ad6e62deed6dc6c03fd5ed0ab3f19603f813d0f8a99c290d69ae2abb80115e88775c4cb5c45912ed0e954033b5a4e912ae591d2
Static task: static1

Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 33625a61049adc1d32e7478e65781d1d35909d033b6410f87727fc533bbb5ed8
Size: 265KB
- XMRig Miner Payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext