General
- Target: f3ff6076e6b1a4c66b9a007aeb1d12260da146b053e84c076cf25895bed2268c
- Size: 287KB
- Sample: 220614-zntzaacegn
- MD5: 4c10cea128ee0e1c63b2cde7637dabc6
- SHA1: 794db4c33787e0b2ae4c83c188310dad92ee4c77
- SHA256: f3ff6076e6b1a4c66b9a007aeb1d12260da146b053e84c076cf25895bed2268c
- SHA512: a38886bc453a65dc0c0901fc58cc779b6fb4ce031b0cf9b7a137ce7365fa84f6512dcf8792116438ad5153fa67cdfcce3e52475ad0c2b8054ed8642972a4e006

Static task
- static1

Malware Config
Extracted
- Family: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: f3ff6076e6b1a4c66b9a007aeb1d12260da146b053e84c076cf25895bed2268c (the same 287KB sample as under General; MD5, SHA1, SHA256 and SHA512 as listed there)
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext