General
- Target: c4e4941b22293175166737686128c2fa6c51781f1434253df4e0624ecf96a802
- Size: 265KB
- Sample: 220605-w6qssscdb6
- MD5: 4d4de9714a1d888f6070d676363518ae
- SHA1: 14b8151cc8c38d16a177aaeb3e633b8c68b41ad3
- SHA256: c4e4941b22293175166737686128c2fa6c51781f1434253df4e0624ecf96a802
- SHA512: cda06c66360448f1a21de72c0e10dd011e75b8945d1cf759dc69aa14124132a824b136dc092c79cf4fc3fa6a628bd0e858cb525bb7a0762a38d40ee179f7dc1d
Static task
- static1

Malware Config
- Extracted family: tofsee
- C2: svartalfheim.top
- C2: jotunheim.name
Targets

Target: c4e4941b22293175166737686128c2fa6c51781f1434253df4e0624ecf96a802
- Size: 265KB
- MD5: 4d4de9714a1d888f6070d676363518ae
- SHA1: 14b8151cc8c38d16a177aaeb3e633b8c68b41ad3
- SHA256: c4e4941b22293175166737686128c2fa6c51781f1434253df4e0624ecf96a802
- SHA512: cda06c66360448f1a21de72c0e10dd011e75b8945d1cf759dc69aa14124132a824b136dc092c79cf4fc3fa6a628bd0e858cb525bb7a0762a38d40ee179f7dc1d
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
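An IOC sweep over telemetry, added here as a worked example; it is not part of the sandbox report, the Tofsee family, or any vendor tooling. It takes the three hashes and the two extracted domains from the report above and runs them over DNS, file-creation and registry-write events, and it also correlates two of the listed signatures ("Sets service image path in registry" and "Drops file in System32 directory") by flagging a service whose ImagePath points at a binary that was just created in System32. The key=value log layout, the host names, the service name, the dropped file name and the all-zero hash are assumptions constructed for the example.

```python
"""IOC sweep for the Tofsee sample above (added example; log layout is an assumption)."""
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "c4e4941b22293175166737686128c2fa6c51781f1434253df4e0624ecf96a802",  # SHA256
    "4d4de9714a1d888f6070d676363518ae",                                  # MD5
    "14b8151cc8c38d16a177aaeb3e633b8c68b41ad3",                          # SHA1
}
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# Constructed telemetry (not from the report). key=value fields; quoted values may contain spaces.
DNS_LOG = [
    "ts=2022-06-05T10:01:02Z host=ws01 qname=www.example.com",
    "ts=2022-06-05T10:01:09Z host=ws01 qname=svartalfheim.top",
    "ts=2022-06-05T10:01:10Z host=ws07 qname=cdn.jotunheim.name",  # subdomain of a C2: hit
    "ts=2022-06-05T10:01:11Z host=ws07 qname=notjotunheim.name",   # look-alike: must not hit
]
FILE_LOG = [
    'ts=2022-06-05T10:00:58Z host=ws01 event=FileCreate path="C:\\Users\\bob\\Downloads\\invoice.exe" '
    "sha256=C4E4941B22293175166737686128C2FA6C51781F1434253DF4E0624ECF96A802",
    'ts=2022-06-05T10:01:05Z host=ws01 event=FileCreate path="C:\\Windows\\System32\\hwhzmuyv.exe" '
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",  # constructed placeholder
    'ts=2022-06-05T10:03:40Z host=ws07 event=FileCreate path="C:\\Users\\eve\\report.docx"',
]
REGISTRY_LOG = [
    'ts=2022-06-05T10:01:06Z host=ws01 event=RegistrySetValue '
    'key="HKLM\\SYSTEM\\CurrentControlSet\\Services\\cjvgklfb\\ImagePath" value="C:\\Windows\\System32\\hwhzmuyv.exe"',
    'ts=2022-06-05T10:01:07Z host=ws01 event=RegistrySetValue '
    'key="HKLM\\SYSTEM\\CurrentControlSet\\Services\\Spooler\\ImagePath" value="C:\\Windows\\System32\\spoolsv.exe"',
]

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
SERVICE_IMAGEPATH = re.compile(r"\\Services\\([^\\]+)\\ImagePath$", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"


def parse(line):
    """Split a key=value log line into a dict, stripping surrounding quotes from values."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def is_c2_domain(qname):
    """Exact or subdomain match against the extracted C2 domains (case-insensitive, trailing dot tolerated)."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in C2_DOMAINS)


def sweep_dns(lines):
    """Return (host, qname) for every query that resolves a C2 domain or one of its subdomains."""
    return [(ev["host"], ev["qname"]) for ev in map(parse, lines) if is_c2_domain(ev.get("qname", ""))]


def sweep_hashes(lines):
    """Return (host, path, field) for every file event carrying one of the sample's hashes."""
    hits = []
    for ev in map(parse, lines):
        for field in ("md5", "sha1", "sha256"):
            if ev.get(field, "").lower() in SAMPLE_HASHES:
                hits.append((ev["host"], ev.get("path"), field))
    return hits


def sweep_service_persistence(registry_lines, file_lines):
    """Flag services whose ImagePath was pointed at a binary created in System32 on the same host.

    This is the pairing of 'Drops file in System32 directory' with 'Sets service image path in
    registry'; an ImagePath write for an existing, never-dropped binary (spoolsv.exe) is ignored.
    """
    dropped = {
        (ev["host"], ev["path"].lower())
        for ev in map(parse, file_lines)
        if ev.get("event") == "FileCreate" and ev.get("path", "").lower().startswith(SYSTEM32)
    }
    hits = []
    for ev in map(parse, registry_lines):
        m = SERVICE_IMAGEPATH.search(ev.get("key", ""))
        if not m:
            continue
        image = ev.get("value", "").lower()
        if (ev.get("host"), image) in dropped:
            hits.append((ev["host"], m.group(1), image))
    return hits


def run_sweep():
    """Run all three checks over the constructed telemetry and return the hits by category."""
    return {
        "dns": sweep_dns(DNS_LOG),
        "hashes": sweep_hashes(FILE_LOG),
        "services": sweep_service_persistence(REGISTRY_LOG, FILE_LOG),
    }


if __name__ == "__main__":
    for kind, hits in run_sweep().items():
        print(kind, hits)
```

The domain check matches subdomains as well as the bare apex, because extracted C2 domains are routinely fronted by host names the config does not list, but it deliberately rejects look-alikes such as notjotunheim.name. Hash matching is case-insensitive since EDR products disagree on hex casing. The service check is the one worth keeping in a detection rule: a brand-new System32 binary registered as a service ImagePath within seconds is a far stronger signal than either event alone.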