General
Target: cf588ede4411f59c745c1be6a146cf413e7ecb3e587052d9c5f0c894b325e336
Size: 184KB
Sample: 220612-tx31nafean
MD5: 53915f470e6dac5ff176435c9c2dc9a0
SHA1: 2ba83fcac1347a9e27fbfbb43f96caa3214fb563
SHA256: cf588ede4411f59c745c1be6a146cf413e7ecb3e587052d9c5f0c894b325e336
SHA512: c35352b06c8819e4cb2dcb15da03368466fc0fdfde9fe166c747e91db4cab2a0e9cade12874fe994b32522b14f43979bb1ef9ec632bc42f96c60f9f0442d3b9b
Static task: static1

Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops file in System32 directory
- Suspicious use of SetThreadContext