General
Target: 8dd38b9b6850e90765bac4e49f91e55058a93ede622f30509bc569259e80b3dc
Size: 249KB
Sample: 220615-bmf42aace2
MD5: de516e6109efd34fc91a2b3ccb365d53
SHA1: caebc814d648a4750ace0515f65f2789b31cf2fb
SHA256: 8dd38b9b6850e90765bac4e49f91e55058a93ede622f30509bc569259e80b3dc
SHA512: 37dab9d2ee6adc8e477badeb718e33594a4f31736618dd013da47b3fb3e358f62765c0e92154e2b93da1c5631d3e74184fb8d74d07e312e1084f0706e024f2ad
Static task: static1

Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 8dd38b9b6850e90765bac4e49f91e55058a93ede622f30509bc569259e80b3dc
Size: 249KB
MD5: de516e6109efd34fc91a2b3ccb365d53
SHA1: caebc814d648a4750ace0515f65f2789b31cf2fb
SHA256: 8dd38b9b6850e90765bac4e49f91e55058a93ede622f30509bc569259e80b3dc
SHA512: 37dab9d2ee6adc8e477badeb718e33594a4f31736618dd013da47b3fb3e358f62765c0e92154e2b93da1c5631d3e74184fb8d74d07e312e1084f0706e024f2ad
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext