General
- Target: 54e8e28c0319b356ccc2a8b655e64368bb74167e5cb6f5bf9359567984f98c2b
- Size: 205KB
- Sample: 220613-sj5fwsdbg6
- MD5: a27aad55fdb6ed7426a8672860cec458
- SHA1: a121d6c2c1473df3f0eb613f9d0c03bc5b5e549d
- SHA256: 54e8e28c0319b356ccc2a8b655e64368bb74167e5cb6f5bf9359567984f98c2b
- SHA512: df08d463e5d04309409da3b48c3b7038bac1a4b22e1400a902d304ebc4539465ddc594d6ef5c7b3ec52bbef9f88a49c4d39142d69687139569e7c7d71d41de5f

Static task: static1

Malware Config
Extracted family: tofsee
Extracted hosts:
- svartalfheim.top
- jotunheim.name
Targets
- Target: 54e8e28c0319b356ccc2a8b655e64368bb74167e5cb6f5bf9359567984f98c2b (205KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext