General
Target: e6ff82c174ad04a07cb95d79a509310928493a1f38a92012b024910a7fcff2aa
Size: 204KB
Sample: 220613-tq4nlsdee5
MD5: 9374ea3a36d4efde3032794f3cbfde15
SHA1: 61259729267ec5b0fdff31672ffb77ae56c3b44f
SHA256: e6ff82c174ad04a07cb95d79a509310928493a1f38a92012b024910a7fcff2aa
SHA512: cbf68d52877ef78953ca5581c107111952b5d961e24dddd8603cb469dc21d57fef981f24eb89eab2c1cf3989f5b028110f336fa3c7631492b65d4905452cdd9a
Static task: static1
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: e6ff82c174ad04a07cb95d79a509310928493a1f38a92012b024910a7fcff2aa
Size: 204KB
MD5: 9374ea3a36d4efde3032794f3cbfde15
SHA1: 61259729267ec5b0fdff31672ffb77ae56c3b44f
SHA256: e6ff82c174ad04a07cb95d79a509310928493a1f38a92012b024910a7fcff2aa
SHA512: cbf68d52877ef78953ca5581c107111952b5d961e24dddd8603cb469dc21d57fef981f24eb89eab2c1cf3989f5b028110f336fa3c7631492b65d4905452cdd9a
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext