General
Target: 496ccfcd152674b9087af66d619a6839e498a154e0c16cc24505f6a1bfdc4a21
Size: 262KB
Sample: 220606-fh6w4seba2
MD5: a7a99164c3bbe973494d4314e0fb56d2
SHA1: 95ef22c2f003bf7542ffd1a6550df3c797288bc6
SHA256: 496ccfcd152674b9087af66d619a6839e498a154e0c16cc24505f6a1bfdc4a21
SHA512: 85fa2dee741f87047b5389e7c41054bbf39cdb3acfdb7d515db8dfd62f200fba875a63fb65eeebe670a5cf3b4fb6841373002afaaafdc21e068f106cc025980f

Static task: static1

Malware Config
Extracted: tofsee
C2 hosts:
svartalfheim.top
jotunheim.name
Targets
Target: 496ccfcd152674b9087af66d619a6839e498a154e0c16cc24505f6a1bfdc4a21
Size: 262KB
(hashes as listed under General)

Signatures
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings (looks up the country code configured in the registry, likely geofencing)
Drops file in System32 directory
Suspicious use of SetThreadContext