General

Target: 39451219a01e902b2d7516d4c29cd124d0fa1bb594774d450a55b39e3da5ca1f
Size: 258KB
Sample: 220613-3plababcer
MD5: dbccbd372a45961e3d84b89e3d355c34
SHA1: 5f70c8cf6fe1cea5adeecaa7ddc3784d33700541
SHA256: 39451219a01e902b2d7516d4c29cd124d0fa1bb594774d450a55b39e3da5ca1f
SHA512: bdd383d249c43ab3a3081ae9261bd55e672d3ecf24b8a889d3fde0e45d306995c3aabfc612398010818fb0ff017fda73c0ec8f4f1f0eb37e9865e4ff7ef64db9
Static task: static1

Malware Config (extracted)

Family: tofsee
C2 hosts:
- svartalfheim.top
- jotunheim.name
Targets

Target: 39451219a01e902b2d7516d4c29cd124d0fa1bb594774d450a55b39e3da5ca1f (258KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)

Signatures

- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, most likely to geofence execution.
- Drops file in System32 directory
- Suspicious use of SetThreadContext (setting another process's thread context is the pattern used by process hollowing and other code injection)
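The signatures listed above are the sandbox's summary of observed behaviour, and the useful part for a defender is that several of them (service creation, the ImagePath write, the System32 drop, the firewall change, the geo lookup, the remote SetThreadContext) can be re-derived from an API trace. As an added example, not part of this report and not the sandbox's own rule set, the Python below encodes those signatures as small rules and runs them over a constructed trace. The trace, the service name `wsupdsvc`, the file paths and the `RegQueryValueExW` of `Nation` under `HKCU\Control Panel\International\Geo` (assumed here to be the "country code configured in the registry" the geofence signature refers to) are all assumptions chosen to illustrate the matching logic, not data observed from this sample.

```python
"""Added triage example: map the report's behavioural signatures onto rules
over a sandbox-style API trace. Everything in TRACE is constructed."""
from typing import Callable, Dict, List, Set

# APIs whose "dst" field is treated as a file written to disk (assumption).
WRITE_APIS = {"CopyFileW", "MoveFileExW", "CreateFileW", "NtCreateFile"}
SYSTEM32 = "c:\\windows\\system32\\"
SERVICES_KEY = "\\currentcontrolset\\services\\"
GEO_KEY = "\\control panel\\international\\geo"          # assumed geofence lookup
FIREWALL_POLICY = "\\sharedaccess\\parameters\\firewallpolicy"

# Constructed API trace (not observed data). Index 7 and 8 are benign noise
# that the rules must leave alone.
TRACE: List[dict] = [
    {"api": "CopyFileW", "src": "C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe",
     "dst": "C:\\Windows\\System32\\wsupdsvc.exe"},
    {"api": "CreateServiceW", "name": "wsupdsvc",
     "binpath": "C:\\Windows\\System32\\wsupdsvc.exe"},
    {"api": "RegSetValueExW", "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\wsupdsvc",
     "value": "ImagePath", "data": "C:\\Windows\\System32\\wsupdsvc.exe"},
    {"api": "CreateProcessW", "cmdline": 'netsh advfirewall firewall add rule '
     'name="wsupdsvc" dir=in action=allow program="C:\\Windows\\System32\\wsupdsvc.exe"'},
    {"api": "CreateProcessW", "cmdline": "C:\\Windows\\System32\\wsupdsvc.exe"},
    {"api": "RegQueryValueExW", "key": "HKCU\\Control Panel\\International\\Geo",
     "value": "Nation"},
    {"api": "SetThreadContext", "pid": 3304, "target_pid": 4120},
    {"api": "RegQueryValueExW", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
     "value": "ProductName"},
    {"api": "CreateProcessW", "cmdline": "C:\\Windows\\System32\\svchost.exe -k netsvcs"},
]


def _lower(event: dict, key: str) -> str:
    """Field as a lower-case string ('' when absent) for case-insensitive matching."""
    return str(event.get(key, "")).lower()


def _exe_of(cmdline: str) -> str:
    """Executable path from a Windows command line: the quoted first token,
    or the first whitespace-delimited token, lower-cased."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:end] if end > 0 else s[1:]).lower()
    return s.split(None, 1)[0].lower() if s else ""


def dropped_files(trace: List[dict]) -> Set[str]:
    """Paths written by the sample; needed so 'Executes dropped EXE' can
    correlate a later CreateProcessW with an earlier file write."""
    return {_lower(e, "dst") for e in trace
            if e.get("api") in WRITE_APIS and e.get("dst")}


# Rule name -> predicate(event, dropped_paths). Names mirror the report's signatures.
RULES: Dict[str, Callable[[dict, Set[str]], bool]] = {
    "Drops file in System32 directory":
        lambda e, d: e.get("api") in WRITE_APIS and _lower(e, "dst").startswith(SYSTEM32),
    "Creates new service(s)":
        lambda e, d: e.get("api") == "CreateServiceW",
    "Sets service image path in registry":
        lambda e, d: e.get("api") == "RegSetValueExW"
        and _lower(e, "value") == "imagepath" and SERVICES_KEY in _lower(e, "key"),
    "Modifies Windows Firewall":
        lambda e, d: (e.get("api") == "CreateProcessW"
                      and _exe_of(e.get("cmdline", "")).endswith("netsh")
                      and "firewall" in _lower(e, "cmdline"))
        or (e.get("api") == "RegSetValueExW" and FIREWALL_POLICY in _lower(e, "key")),
    "Executes dropped EXE":
        lambda e, d: e.get("api") == "CreateProcessW" and _exe_of(e.get("cmdline", "")) in d,
    "Checks computer location settings":
        lambda e, d: e.get("api", "").startswith("RegQueryValueEx")
        and _lower(e, "key").endswith(GEO_KEY) and _lower(e, "value") == "nation",
    "Suspicious use of SetThreadContext":
        # Remote-process thread context write: the hollowing/injection pattern.
        lambda e, d: e.get("api") == "SetThreadContext"
        and e.get("target_pid") is not None and e.get("target_pid") != e.get("pid"),
}


def match_signatures(trace: List[dict]) -> Dict[str, List[int]]:
    """Return {signature name: [matching event indices]} for signatures that fired."""
    dropped = dropped_files(trace)
    hits: Dict[str, List[int]] = {}
    for i, event in enumerate(trace):
        for name, rule in RULES.items():
            if rule(event, dropped):
                hits.setdefault(name, []).append(i)
    return hits


if __name__ == "__main__":
    for name, idx in match_signatures(TRACE).items():
        print(f"{name}: events {idx}")
```

Running the script prints one line per fired signature with the trace indices that triggered it. The one design point worth noting is that "Executes dropped EXE" is a correlation, not a single-event match, which is why the set of dropped paths is computed in a first pass; matching on the first token of the command line rather than on substring avoids flagging the netsh call that merely names the dropped binary in its `program=` argument.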