General
Target: 7545916155.zip
Size: 144KB
Sample: 220606-hg8enaedf3
MD5: f0dbf8defaa200d01571a84f73ffb615
SHA1: e85085d3f50d0128c7b3eebf96b95bb690f505f1
SHA256: af2bdcb67b12da634eebb5783619cd4f87230999fe61ea70dfe91030984bfbf1
SHA512: 799d150fa4a1dfec6cd66e22de7b1844c1c38885c8287661435432e32d0cc567266cc764fc0e98d93340d62c4999b25a062ae1b9913e4e651964685274160748
Static task: static1
Behavioral task: behavioral1
Sample: f8a2e41ea8ca0e998bcd54d8256cb538b1e32cec4e80eb810e8df003427b886b.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: tofsee
C2: niflheimr.cn
C2: jotunheim.name
Targets
Target: f8a2e41ea8ca0e998bcd54d8256cb538b1e32cec4e80eb810e8df003427b886b
Size: 279KB
MD5: d30b3148cfa81c0120ff7e263d08440e
SHA1: 6a2d819acfffebbfd48984dff663ca14ca49fe77
SHA256: f8a2e41ea8ca0e998bcd54d8256cb538b1e32cec4e80eb810e8df003427b886b
SHA512: 413c082854b1cea4735daefa14d5f99d763482009382bf80706201ef94d4bd59f4777fd0ebda444d8bbaeba8bef6192f643e710796e077cfdc42f982e1d4e520
Signatures
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext
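To make the report's indicators usable outside the sandbox UI, the following is an added example (not part of the report or of the Triage tooling): it parses the hashes, family name and extracted C2 domains for the dropped executable into a structured IOC set, verifies a file on disk against the recorded digests, and matches DNS-style hostnames against the C2 list. The report fields embedded in the block are copied from this page; the byte string used in the demo run is constructed and is not the analyzed sample.

```python
"""IOC helper for the Tofsee sandbox report above (added example, not report code).

Parses the report's "Key: value" fields into a structured IOC set, verifies
data or a file against the recorded digests, and matches hostnames against
the extracted C2 domains.  REPORT below is copied from the page; the bytes
hashed in the demo run are a constructed stand-in, not the real sample.
"""
import hashlib

# Fields copied from the report's Targets and Malware Config sections.
REPORT = """\
Target: f8a2e41ea8ca0e998bcd54d8256cb538b1e32cec4e80eb810e8df003427b886b
Size: 279KB
MD5: d30b3148cfa81c0120ff7e263d08440e
SHA1: 6a2d819acfffebbfd48984dff663ca14ca49fe77
SHA256: f8a2e41ea8ca0e998bcd54d8256cb538b1e32cec4e80eb810e8df003427b886b
SHA512: 413c082854b1cea4735daefa14d5f99d763482009382bf80706201ef94d4bd59f4777fd0ebda444d8bbaeba8bef6192f643e710796e077cfdc42f982e1d4e520
Family: tofsee
C2: niflheimr.cn
C2: jotunheim.name
"""

# Report label -> hashlib algorithm name, and expected hex digest length.
HASH_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_report(text):
    """Return {"hashes": {algo: hex}, "c2": [domain...], "family": str|None}."""
    iocs = {"hashes": {}, "c2": [], "family": None}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key in HASH_ALGOS:
            algo = HASH_ALGOS[key]
            value = value.lower()
            # Reject truncated or mis-copied digests early rather than silently never matching.
            if len(value) != HEX_LEN[algo] or any(c not in "0123456789abcdef" for c in value):
                raise ValueError(f"malformed {key} digest: {value!r}")
            iocs["hashes"][algo] = value
        elif key == "C2":
            iocs["c2"].append(value.lower().rstrip("."))
        elif key == "Family":
            iocs["family"] = value
    return iocs


def hash_bytes(data):
    """All four digests of an in-memory blob, keyed by hashlib algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HEX_LEN}


def verify(data, iocs):
    """{algo: (expected, actual)} for every recorded digest that does NOT match."""
    actual = hash_bytes(data)
    return {a: (exp, actual[a]) for a, exp in iocs["hashes"].items() if exp != actual[a]}


def verify_file(path, iocs):
    """Same as verify() but streams a file so large samples are not read into memory."""
    hashers = {algo: hashlib.new(algo) for algo in iocs["hashes"]}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: (exp, hashers[a].hexdigest())
            for a, exp in iocs["hashes"].items() if exp != hashers[a].hexdigest()}


def c2_hits(hostnames, iocs):
    """Hostnames (e.g. from DNS logs) equal to, or subdomains of, a C2 in the report."""
    c2 = set(iocs["c2"])
    hits = []
    for name in hostnames:
        name = name.lower().rstrip(".")  # normalise case and trailing dot from DNS logs
        if name in c2 or any(name.endswith("." + c) for c in c2):
            hits.append(name)
    return hits


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    fake = b"MZ constructed stand-in, not the Tofsee sample"  # constructed input
    print("digest mismatches:", verify(fake, iocs))
    print("C2 hits:", c2_hits(["www.niflheimr.cn", "example.com", "JOTUNHEIM.NAME."], iocs))
```

Run `verify_file("/path/to/candidate.exe", parse_report(REPORT))` against a file pulled from a host; an empty result means every recorded digest matched, and a non-empty result names the algorithm that disagreed, which is usually enough to tell a different build from a corrupted copy. The digest validation in `parse_report` is deliberate: a hash that was truncated when the report was copied would otherwise never match anything and be mistaken for a clean result.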