General
Target: 610f5bcc5df6dd24a9cb54d1d129fa42ab61b85d136fba43cd734ba6238fcbfc
Size: 265KB
Sample: 220606-blr5xahgfp
MD5: 52d49a7a5c1ae1b188df4aeb8352423b
SHA1: 1cf1693ca24c0190c3a055dba4f8ebffdf6d374e
SHA256: 610f5bcc5df6dd24a9cb54d1d129fa42ab61b85d136fba43cd734ba6238fcbfc
SHA512: d9f0071d2875cc4756b8b65bd29760c414f12b63da30cdb1df5a17d5de50472058ff8d4e067c22a837e73084e0a01cbb9565997066b85c31195e22fc2a19995d
Static task: static1
Malware Config (extracted)
Family: tofsee
Domains: svartalfheim.top, jotunheim.name
Targets
Target: 610f5bcc5df6dd24a9cb54d1d129fa42ab61b85d136fba43cd734ba6238fcbfc
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext