General
-
Target
e3556e35752c27e504c6a874e5c8c61bba372a81856ec0ade58262d80a5c1d9c
-
Size
204KB
-
Sample
220613-vt18bshehk
-
MD5
0c125aceee03ef8a1435bf920a2a821d
-
SHA1
3a0626f8b6120f32190d9046e62c8e8f6a617de4
-
SHA256
e3556e35752c27e504c6a874e5c8c61bba372a81856ec0ade58262d80a5c1d9c
-
SHA512
30fed35f69a4c28428edb7bca5efe11ae4c8e771ecd4e37c7a418b83418b704ee3fd09862e2f6389ad26e383eb8cfbb93448c52eab80e64606acf7a4dad87f16
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
e3556e35752c27e504c6a874e5c8c61bba372a81856ec0ade58262d80a5c1d9c
-
Size
204KB
-
MD5
0c125aceee03ef8a1435bf920a2a821d
-
SHA1
3a0626f8b6120f32190d9046e62c8e8f6a617de4
-
SHA256
e3556e35752c27e504c6a874e5c8c61bba372a81856ec0ade58262d80a5c1d9c
-
SHA512
30fed35f69a4c28428edb7bca5efe11ae4c8e771ecd4e37c7a418b83418b704ee3fd09862e2f6389ad26e383eb8cfbb93448c52eab80e64606acf7a4dad87f16
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-