General
Target: 8e66982fc0a205319d011367e92aa48a5246ab746304d65a188cb1014b36d889
Size: 185KB
Sample: 220613-f8hl7sabc2
MD5: 15e05230fbc1c91b831be1e904510cfc
SHA1: cd064093ad52a1bda0e8851d1e3208103b37ccb1
SHA256: 8e66982fc0a205319d011367e92aa48a5246ab746304d65a188cb1014b36d889
SHA512: b7d497bf42784ec07ca00eae4c00eea1260cac48cf71d99e0b48c1aeb5b828c7c978e57425fcc524633c7c85b07ed35568c4322c9567f71b62bbc5aed8b7f670
Static task: static1
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: 8e66982fc0a205319d011367e92aa48a5246ab746304d65a188cb1014b36d889
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext