General

Target:
6458cb95902e65e6641bdde798efa3cf523dae3464c681666b0509c757d74074
Size: 287KB
Sample: 220614-yek5caebf2
MD5:
4e089f4c1806595493a3452902d12194
SHA1:
69d62ac483465040f54388ff023c0714ea7b2ceb
SHA256:
6458cb95902e65e6641bdde798efa3cf523dae3464c681666b0509c757d74074
SHA512:
aee92d602054a0f77d7971ad1d22b82ba738df65b52bfb9643c204a5162a889e48bf263435fe17eefcc8efe596122d99d1b1726c69104fd035c8a80c2938f784
Static task: static1

Malware Config

Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops file in System32 directory
- Suspicious use of SetThreadContext