General
Target: 21ce422164fd4587da58e19dae615ad3ccd8bb895e8c7bd4354b4262de3d8167
Size: 215KB
Sample: 220612-ndzagahddm
MD5: 9d80f82158b4355f87ca968a54492ad5
SHA1: f7348be7badc8eaac931c3ee697ef8bb558d554e
SHA256: 21ce422164fd4587da58e19dae615ad3ccd8bb895e8c7bd4354b4262de3d8167
SHA512: 2a1156d21c6ac8e551e407a861b8a1b40427246860867d6b6a64f8d68c1b93f8f870758749a1879a42019166c5d50d50120d7e4a0a7bc96f35eef23580ccd605
Static task: static1
Malware Config
Extracted: tofsee
Domains: svartalfheim.top, jotunheim.name
Targets
Target: 21ce422164fd4587da58e19dae615ad3ccd8bb895e8c7bd4354b4262de3d8167
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Drops file in System32 directory
- Suspicious use of SetThreadContext
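As an added illustration (not part of the sandbox report, and not the sandbox's own detection logic): a small Python triage script that re-derives the behaviours listed above from endpoint telemetry, and pulls out the artefacts a responder would pivot on (the service binary path, the domains from the extracted config). The event format (kind|image|details), the file and registry paths, and the service name hkfqzwlq are all constructed for the example; the registry key used for the country-code check (HKCU\Control Panel\International\Geo) is an assumption about where such a lookup shows up, not a value taken from the report.

```python
"""Correlate constructed endpoint telemetry with the behaviours this report lists.

Added illustration, not part of the sandbox report. The event lines below are
constructed, the telemetry format (kind|image|details) is invented for the
example, and the registry paths checked are assumptions about where such
behaviours show up, not values taken from the report.
"""
import re

# Domains copied from the extracted tofsee config above.
REPORT_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# One stateless detection per report signature: name -> (event kind, predicate on (image, details)).
RULES = {
    "Creates new service(s)": (
        "api", lambda img, d: d.startswith("CreateService")),
    "Sets service image path in registry": (
        "reg_set", lambda img, d: re.search(r"\\services\\[^\\]+\\imagepath=", d, re.I) is not None),
    "Drops file in System32 directory": (
        "file_create", lambda img, d: d.lower().startswith("c:\\windows\\system32\\")),
    "Modifies Windows Firewall": (
        "proc_create", lambda img, d: img.lower().endswith("netsh.exe") and "advfirewall" in d.lower()),
    # Assumed location of the country-code setting (HKCU\Control Panel\International\Geo).
    "Checks computer location settings": (
        "reg_query", lambda img, d: "international\\geo" in d.lower()),
    "Suspicious use of SetThreadContext": (
        "api", lambda img, d: d.startswith("SetThreadContext")),
    "Contacts domain from extracted config": (
        "dns", lambda img, d: d.lower() in REPORT_DOMAINS),
}

# Constructed telemetry, NOT real sandbox output: kind|image|details
SAMPLE_EVENTS = [
    r"proc_create|C:\Users\victim\AppData\Local\Temp\sample.exe|sample.exe",
    r"api|C:\Users\victim\AppData\Local\Temp\sample.exe|CreateServiceW(hkfqzwlq, C:\Windows\System32\hkfqzwlq.exe)",
    r"reg_set|C:\Users\victim\AppData\Local\Temp\sample.exe|HKLM\SYSTEM\CurrentControlSet\Services\hkfqzwlq\ImagePath=C:\Windows\System32\hkfqzwlq.exe",
    r"file_create|C:\Users\victim\AppData\Local\Temp\sample.exe|C:\Windows\System32\hkfqzwlq.exe",
    r"proc_create|C:\Windows\System32\hkfqzwlq.exe|hkfqzwlq.exe",
    r"proc_create|C:\Windows\System32\netsh.exe|netsh advfirewall firewall add rule name=Host-process dir=in action=allow program=C:\Windows\System32\hkfqzwlq.exe",
    r"reg_query|C:\Windows\System32\hkfqzwlq.exe|HKCU\Control Panel\International\Geo\Nation",
    r"api|C:\Windows\System32\hkfqzwlq.exe|SetThreadContext(svchost.exe:1234)",
    r"dns|C:\Windows\System32\hkfqzwlq.exe|svartalfheim.top",
    r"dns|C:\Windows\System32\hkfqzwlq.exe|jotunheim.name",
    r"dns|C:\Windows\System32\svchost.exe|ctldl.windowsupdate.com",
    r"file_create|C:\Users\victim\AppData\Local\Temp\sample.exe|C:\Users\victim\AppData\Local\Temp\tmp1.dat",
]


def parse_event(line):
    """Split 'kind|image|details'; details may itself contain '|', so split at most twice."""
    kind, image, details = line.split("|", 2)
    return kind, image, details


def triage(events):
    """Return {signature name: [indices of events that fired it]} for the signatures that fired."""
    hits = {}
    for idx, line in enumerate(events):
        kind, image, details = parse_event(line)
        for name, (want_kind, pred) in RULES.items():
            if kind == want_kind and pred(image, details):
                hits.setdefault(name, []).append(idx)
    return hits


def executed_dropped(events):
    """'Executes dropped EXE' needs state: images started after an earlier file_create of the same path."""
    created, executed = set(), []
    for line in events:
        kind, image, details = parse_event(line)
        if kind == "file_create":
            created.add(details.lower())
        elif kind == "proc_create" and image.lower() in created:
            executed.append(image)
    return executed


def new_service_image_paths(events):
    """Paths written to ...\\Services\\<name>\\ImagePath, i.e. the binary to pull for hashing."""
    paths = []
    for line in events:
        kind, _, details = parse_event(line)
        m = re.search(r"\\services\\[^\\]+\\imagepath=(.+)$", details, re.I)
        if kind == "reg_set" and m:
            paths.append(m.group(1))
    return paths


if __name__ == "__main__":
    for name, idxs in triage(SAMPLE_EVENTS).items():
        print(f"{name}: events {idxs}")
    print("dropped and executed:", executed_dropped(SAMPLE_EVENTS))
    print("service binaries:", new_service_image_paths(SAMPLE_EVENTS))
```

The stateless rules map one to one onto the report's signature names so a hit list can be compared directly against the sandbox verdict; "Executes dropped EXE" is kept separate because it needs to remember which files the sample wrote before it can judge a later process start.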