General
- Target: 35956f6f8a89c4214dec4acb5134989ae598b1d258226e2c79abafbc2e9587ce
- Size: 266KB
- Sample: 220605-rz89cabcd9
- MD5: e89afe9d7e708a4e1837cf2759db55b7
- SHA1: 847e7962e48dd5307ebfd2cd0ad390f881f81135
- SHA256: 35956f6f8a89c4214dec4acb5134989ae598b1d258226e2c79abafbc2e9587ce
- SHA512: d9e080c94b52b3b302b525abe7a2cfa3382ef5800eef1f3e649381bea77a24e0d8e4659c664a15a6f01bd25c45e8a1af15f89c6f5d4a53b26096b3d2084ea4c4

Static task: static1

Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 35956f6f8a89c4214dec4acb5134989ae598b1d258226e2c79abafbc2e9587ce
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext