General
Target: cfb0167789afda2bbb128bd1a1bb5215e80f9696c64b79e323009fa520e01084
Size: 184KB
Sample: 220613-aaw42sgfb9
MD5: 24bae7564d593509b1435819274eb1d1
SHA1: f84a36a40ba2a992624a77772239eaffac860f82
SHA256: cfb0167789afda2bbb128bd1a1bb5215e80f9696c64b79e323009fa520e01084
SHA512: b319582661db52a4f20a7d88d6db8270b1229e1b29b3c933663dadc06ce483e29e01735b46a4babe563e4d3b1205518a1e8eecd0a8ad92ab0d8e7ce2379fac39
Static task: static1
Malware Config
Extracted: tofsee
  svartalfheim.top
  jotunheim.name
Targets
Target: cfb0167789afda2bbb128bd1a1bb5215e80f9696c64b79e323009fa520e01084 (size and hashes as listed under General)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext