General
Target: 3f022e1436256dbd7b3b8c0960eb0b5b2dc2efef3bf4dc07b16ecd8d3de03c07
Size: 287KB
Sample: 220614-qyc9vaedan
MD5: ed2f45b25e44af9ce0491c0e0e883217
SHA1: 0b97f54835311fe8bf070fdc27798ccacabdaf95
SHA256: 3f022e1436256dbd7b3b8c0960eb0b5b2dc2efef3bf4dc07b16ecd8d3de03c07
SHA512: 44e22268164b0c9a1e14dab14aa57e773ee34110086aa9f4da9b19cdd17c728d541fb64a561e1743667c338c8d47aab385b26a66daa9a732c8d1bbf6f409d767
Static task: static1

Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 3f022e1436256dbd7b3b8c0960eb0b5b2dc2efef3bf4dc07b16ecd8d3de03c07
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext