General
Target: ae4b357c8ea064e14188d87cc847c065bb1d936f3e894fce44a87ac945853d0f
Size: 258KB
Sample: 220614-d2yczafhg4
MD5: 2344d1fddd53b40a7796dd48ba1bf3c3
SHA1: 1329f9055c52477dc682c102acd15cd1a8ce0bf2
SHA256: ae4b357c8ea064e14188d87cc847c065bb1d936f3e894fce44a87ac945853d0f
SHA512: ae2fc2595147384f9ddc2b87fe78dd218a2f668ef30737fd9974d104b2acd7286ac525d8f5a11102f30d747b4171914a1ac96cd9b67c9dc2e36979545544eed9
Static task: static1
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext