General
Target: 9d1fe9a2662b8197482fd35c451577ac.exe
Size: 309KB
Sample: 220608-k9lgpseghl
MD5: 9d1fe9a2662b8197482fd35c451577ac
SHA1: da070a55592640ca42b9e4f38a3f7c3eee2522c1
SHA256: de2146a97f1318d0957c808c23fa813c64955ced2187cdd2cef9d4971f5fc3a5
SHA512: 34ad51dd9206777d24b680c2fe329d876e711c143be5aa8c3ebee52409c4fe0b14ff8378ef805c307236dbd62d991eaf41cdd6403057e6f05305b7cb40fe704a
Static task: static1
Behavioral task: behavioral1
Sample: 9d1fe9a2662b8197482fd35c451577ac.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: tofsee
C2 domains (from the extracted tofsee config): svartalfheim.top, jotunheim.name
Targets
Target: 9d1fe9a2662b8197482fd35c451577ac.exe
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
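As an added example (not code or output from the sandbox that produced this report), the Python below maps a constructed API trace onto the behavioural signatures listed above and checks resolved names against the two extracted domains. The pid|api|argument trace format, the service name example_svc, the process IDs and the temp-directory path are all assumptions; so is the registry key used for the location check (Control Panel\International\Geo\Nation), which is my reading of what "Checks computer location settings" detects. XMRig Miner Payload is a payload/memory signature rather than an API behaviour, so it is not covered.

```python
"""Toy mapper from an API trace to the behavioural signatures in the report.

Added example, not the sandbox's own code. The pid|api|argument trace format,
the service name "example_svc", the process IDs and the file paths are all
constructed for illustration.
"""
import re

# Indicators copied from the report above.
SAMPLE_NAME = "9d1fe9a2662b8197482fd35c451577ac.exe"
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# Assumption: the sandbox ran the sample from a temp directory with this path.
SAMPLE_PATH = "C:\\Users\\admin\\AppData\\Local\\Temp\\" + SAMPLE_NAME

SYSTEM32 = "c:\\windows\\system32\\"
# Assumption: the "Checks computer location settings" signature fires on a read
# of the configured country under this key.
GEO_KEY = "control panel\\international\\geo\\nation"

# Constructed trace, roughly in the order the report's signatures would fire.
TRACE = r"""
# pid|api|argument
1234|CreateFileW|C:\Windows\System32\example_svc.exe
1234|CreateServiceW|example_svc
1234|RegSetValueExW|HKLM\SYSTEM\CurrentControlSet\Services\example_svc\ImagePath=C:\Windows\System32\example_svc.exe
1234|CreateProcessW|C:\Windows\System32\netsh.exe advfirewall firewall add rule name=example_svc dir=in action=allow program=C:\Windows\System32\example_svc.exe
1234|RegQueryValueExW|HKCU\Control Panel\International\Geo\Nation
1234|CreateProcessW|C:\Windows\System32\example_svc.exe
5678|SetThreadContext|thread=0x1a4
1234|DeleteFileW|C:\Users\admin\AppData\Local\Temp\9d1fe9a2662b8197482fd35c451577ac.exe
5678|getaddrinfo|svartalfheim.top
"""


def parse_trace(text):
    """Yield (pid, api, argument) tuples, skipping blank lines and # comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, api, arg = line.split("|", 2)
        yield int(pid), api, arg


def match_signatures(trace_text, sample_path=SAMPLE_PATH):
    """Return the set of report-style signature names the trace triggers."""
    hits = set()
    sample_lc = sample_path.lower()
    dropped = set()  # lower-cased paths the sample wrote, for "Executes dropped EXE"
    for _pid, api, arg in parse_trace(trace_text):
        a = arg.lower()
        if api == "CreateFileW" and a.startswith(SYSTEM32):
            hits.add("Drops file in System32 directory")
            dropped.add(a)
        elif api == "CreateServiceW":
            hits.add("Creates new service(s)")
        elif api == "RegSetValueExW" and re.search(r"\\services\\[^\\]+\\imagepath=", a):
            hits.add("Sets service image path in registry")
        elif api == "RegQueryValueExW" and GEO_KEY in a:
            hits.add("Checks computer location settings")
        elif api == "CreateProcessW":
            image = a.split(" ", 1)[0]  # assumption: no spaces in the image path
            if image.endswith("\\netsh.exe") and "firewall" in a:
                hits.add("Modifies Windows Firewall")
            if image in dropped:
                hits.add("Executes dropped EXE")
        elif api == "SetThreadContext":
            hits.add("Suspicious use of SetThreadContext")
        elif api == "DeleteFileW" and a == sample_lc:
            hits.add("Deletes itself")
        elif api == "getaddrinfo" and a in C2_DOMAINS:
            hits.add("Resolves extracted tofsee C2 domain")
    return hits


if __name__ == "__main__":
    for name in sorted(match_signatures(TRACE)):
        print(name)
```

Run as-is it prints the nine signatures the constructed trace triggers; point match_signatures at your own trace text and sample path to reuse the rules. The "Executes dropped EXE" rule deliberately keys on files the same trace showed being written, so a process start of a pre-existing binary does not count.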