General
-
Target
4ca8952f973faedc8c81d9cc36b0bdf1f3b61b410ff100cf443688b384034ab4
-
Size
265KB
-
Sample
220605-vjbjxscba3
-
MD5
24a82484210bd259dc1c98e85a25c2a2
-
SHA1
49a2d7aa3c473957dae72d9d98095a28beaf9d9a
-
SHA256
4ca8952f973faedc8c81d9cc36b0bdf1f3b61b410ff100cf443688b384034ab4
-
SHA512
3b975aa3f3b05514300a62a837c718e6a611d9153d7925d72bee40b0615b5a97c908b82bedd4c9c03ce5c575e054de4ecb0a6f2d3826b3837fa66332ed957a34
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
4ca8952f973faedc8c81d9cc36b0bdf1f3b61b410ff100cf443688b384034ab4
-
Size
265KB
-
MD5
24a82484210bd259dc1c98e85a25c2a2
-
SHA1
49a2d7aa3c473957dae72d9d98095a28beaf9d9a
-
SHA256
4ca8952f973faedc8c81d9cc36b0bdf1f3b61b410ff100cf443688b384034ab4
-
SHA512
3b975aa3f3b05514300a62a837c718e6a611d9153d7925d72bee40b0615b5a97c908b82bedd4c9c03ce5c575e054de4ecb0a6f2d3826b3837fa66332ed957a34
-
XMRig Miner Payload
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-