General
Target: 54e3d51c2243fd6cde8077894dc0d648e8580978554d73e6485cb9a55822cabc
Size: 265KB
Sample: 220605-vdcj2agcfq
MD5: 5b25789fe350d2a6ba2210eb9aa435b4
SHA1: f749063f1e6f0e6dcb882b2f6b2477e051eb0474
SHA256: 54e3d51c2243fd6cde8077894dc0d648e8580978554d73e6485cb9a55822cabc
SHA512: 25858e4f9a07da7fc12de5ac5297a5e0ebafa7b522e672552b21449857cd04f906220381c1ee575bfdc6a45f2d991309ded706aed533a818d896fcc958372caf
Static task: static1

Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 54e3d51c2243fd6cde8077894dc0d648e8580978554d73e6485cb9a55822cabc (265KB; MD5, SHA1 and SHA512 as listed under General)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Drops file in System32 directory
- Suspicious use of SetThreadContext