General

Target: 448738e5f3bd240eea78408b4a700295
Size: 263KB
Sample: 220606-rey8msggb7
MD5: 448738e5f3bd240eea78408b4a700295
SHA1: a5f673e08480399fc8b714ca5384c64f9efa85e4
SHA256: 27a1d52df4f2a964e70b9c36b5e08a18589463a44a828ab88cf67c44ba8ec82e
SHA512: 7c94cf9f2d004fa20cf3e3f5769e80d50d82fa485bbdf24a73f434ecfa827f1757e67357407df5228aa1437bca6258b82a3e1944549ae644cf3bc60a76bd3a14

Static task: static1

Behavioral task: behavioral1
Sample: 448738e5f3bd240eea78408b4a700295.exe
Resource: win7-20220414-en

Malware Config

Extracted family: tofsee
C2:
- svartalfheim.top
- jotunheim.name
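An IOC sweep built from the extracted configuration and the file hashes above, added here as an example and not part of the sandbox report. The log lines are constructed for illustration. The domain check treats subdomains of a C2 domain as hits but not lookalike names that merely end in the same characters, and hashes are compared case-insensitively, which is where naive string matching usually goes wrong.

```python
"""IOC sweep for the sample above (added example, not part of the report).

The C2 domains and hashes are the ones extracted above; the log lines in
LOG are constructed for illustration and are not sandbox output.
"""
import hashlib
import re

C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}
SAMPLE_HASHES = {
    "md5": "448738e5f3bd240eea78408b4a700295",
    "sha1": "a5f673e08480399fc8b714ca5384c64f9efa85e4",
    "sha256": "27a1d52df4f2a964e70b9c36b5e08a18589463a44a828ab88cf67c44ba8ec82e",
}


def match_domain(qname, iocs=C2_DOMAINS):
    """Return the matching C2 domain for an exact or subdomain hit, else None.

    Trailing dots and case are normalised.  A name that merely ends with the
    same characters (e.g. 'notjotunheim.name') must not match, so the suffix
    test requires a label boundary ('.' + domain)."""
    q = qname.rstrip(".").lower()
    for d in iocs:
        if q == d or q.endswith("." + d):
            return d
    return None


def match_hash(digest, iocs=SAMPLE_HASHES):
    """Return the algorithm name if digest equals one of the sample's hashes."""
    h = digest.strip().lower()
    for algo, known in iocs.items():
        if h == known:
            return algo
    return None


def hashes_of(data):
    """MD5/SHA1/SHA256 of a byte string, keyed like SAMPLE_HASHES."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def file_matches(data):
    """True if the bytes hash to the sample under any listed algorithm."""
    return any(match_hash(v) for v in hashes_of(data).values())


# Constructed log formats: a DNS query log and a process-creation log that
# carries the image hash (e.g. Sysmon EID 1 Hashes field, reduced to sha256).
DNS_RE = re.compile(r"\bclient=(?P<client>\S+)\s+query=(?P<qname>\S+)")
PROC_RE = re.compile(r"\bhost=(?P<host>\S+)\s+sha256=(?P<sha>[0-9a-fA-F]{64})\b")


def sweep(lines):
    """Scan log lines; return (line number, kind, source, ioc) for each hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = DNS_RE.search(line)
        if m:
            d = match_domain(m["qname"])
            if d:
                hits.append((n, "dns", m["client"], d))
            continue
        m = PROC_RE.search(line)
        if m and match_hash(m["sha"]):
            hits.append((n, "hash", m["host"], m["sha"].lower()))
    return hits


LOG = [  # constructed, not from the sandbox run
    "2022-06-06T10:01:02Z dns client=10.0.0.15 query=mail.svartalfheim.top.",
    "2022-06-06T10:01:05Z dns client=10.0.0.15 query=www.example.com",
    "2022-06-06T10:01:07Z dns client=10.0.0.22 query=notjotunheim.name",
    "2022-06-06T10:02:00Z proc host=WS-015 sha256=27A1D52DF4F2A964E70B9C36B5E08A18589463A44A828AB88CF67C44BA8EC82E",
    "2022-06-06T10:02:30Z proc host=WS-022 sha256=" + "0" * 64,
]

if __name__ == "__main__":
    for hit in sweep(LOG):
        print(hit)
```

Running it over LOG reports the subdomain query from 10.0.0.15 and the upper-cased SHA256 on WS-015, and nothing for the lookalike `notjotunheim.name`; `file_matches` lets the same table be applied directly to file contents pulled from a host.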
Targets

Target: 448738e5f3bd240eea78408b4a700295 (263KB; same file and hashes as listed under General above)

Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
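To show what each behavioural signature above keys on, here is a small event-to-signature mapper over Sysmon-style records, added as an example and not the sandbox's own detection logic. The trace is constructed: the service name, the dropped file name and the netsh rule are placeholders rather than values observed in this run, and the `Control Panel\International\Geo\Nation` value is an assumption about what the location check reads. The static "XMRig Miner Payload" match is a content signature and is out of scope for an event-based mapper. Two details matter in practice: "Executes dropped EXE" needs state across events (a process whose image was written earlier in the same trace), and SetThreadContext is only suspicious when the target thread belongs to another process.

```python
"""Map Sysmon-style events onto the behavioural signatures listed above.

Added example, not part of the sandbox report.  EVENTS is constructed to
exercise one signature each; the service name, dropped file name and
firewall command are placeholders, not values observed in the run.  The
Geo\\Nation registry value is assumed to be what the location check reads.
"""
import re

SYSTEM32 = "c:\\windows\\system32\\"
SERVICES_KEY = "hklm\\system\\currentcontrolset\\services\\"
GEO_NATION = "\\control panel\\international\\geo\\nation"  # assumed key


def _norm(path):
    """Lower-case and unify separators so key/path comparisons are stable."""
    return path.replace("/", "\\").lower()


def scan(events, sample_path):
    """Return {signature: [evidence, ...]} for every signature that fired.

    Event dicts mimic Sysmon fields: type, pid, image (the new process for
    process_create), target, details, cmdline, name, target_pid."""
    hits = {}
    dropped = set()  # files written so far, for 'Executes dropped EXE'
    sample = _norm(sample_path)

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        kind = ev.get("type")
        target = _norm(ev.get("target", ""))
        cmd = ev.get("cmdline", "")
        if kind == "registry_create" and target.startswith(SERVICES_KEY):
            hit("Creates new service(s)", ev["target"])
        elif kind == "registry_set" and target.startswith(SERVICES_KEY) \
                and target.endswith("\\imagepath"):
            hit("Sets service image path in registry",
                f"{ev['target']} = {ev['details']}")
        elif kind == "registry_query" and target.endswith(GEO_NATION):
            hit("Checks computer location settings", ev["target"])
        elif kind == "file_create":
            dropped.add(target)
            if target.startswith(SYSTEM32):
                hit("Drops file in System32 directory", ev["target"])
        elif kind == "process_create":
            image = _norm(ev.get("image", ""))
            if image in dropped and image.endswith(".exe"):
                hit("Executes dropped EXE", ev["image"])
            if image.endswith("\\netsh.exe") and "firewall" in cmd.lower():
                hit("Modifies Windows Firewall", cmd)
            if image.endswith("\\cmd.exe") and re.search(r"\bdel\b", cmd, re.I) \
                    and sample in _norm(cmd):
                hit("Deletes itself", cmd)
        elif kind == "api" and ev.get("name") == "SetThreadContext" \
                and ev.get("target_pid") != ev.get("pid"):
            # Cross-process SetThreadContext is the hallmark of process
            # hollowing / thread hijacking; same-process use is benign.
            hit("Suspicious use of SetThreadContext",
                f"pid {ev['pid']} -> pid {ev['target_pid']}")
    return hits


SAMPLE = r"C:\Users\user\Desktop\448738e5f3bd240eea78408b4a700295.exe"
DROP = r"C:\Windows\System32\placeholder.exe"  # placeholder, not observed
EVENTS = [  # constructed trace, not sandbox output
    {"type": "registry_query", "pid": 1234,
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_create", "pid": 1234, "target": DROP},
    {"type": "registry_create", "pid": 1234,
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\placeholder"},
    {"type": "registry_set", "pid": 1234,
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\placeholder\ImagePath",
     "details": DROP},
    {"type": "process_create", "pid": 2000,
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": f'netsh advfirewall firewall add rule name=placeholder dir=in action=allow program="{DROP}"'},
    {"type": "process_create", "pid": 2100, "image": DROP, "cmdline": DROP},
    {"type": "api", "pid": 2100, "name": "SetThreadContext", "target_pid": 2200},
    {"type": "process_create", "pid": 2300,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": f'cmd.exe /c del "{SAMPLE}"'},
]

if __name__ == "__main__":
    for name, evidence in scan(EVENTS, SAMPLE).items():
        print(f"{name}: {evidence}")
```

Against the constructed trace all eight behavioural signatures fire; feeding it a file write outside System32 or a same-process SetThreadContext leaves the corresponding signature silent, which is the distinction a rule author has to preserve when porting these to Sigma or EDR queries.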