General
- Target: deb228668163d4f4a6b71426590de2c1e7b4c06b4fdef5fc4c0e2d886eefb442
- Size: 249KB
- Sample: 220615-exh8xsgga8
- MD5: 8529e819a7a785a836f80430db954f2d
- SHA1: 9faaad4a21e0579353f6573b4b167f8820511e8f
- SHA256: deb228668163d4f4a6b71426590de2c1e7b4c06b4fdef5fc4c0e2d886eefb442
- SHA512: aa59668775413a6c8f57e6e15637bab5c2e18fcfdf0d0620cc7599e6b6af3dffac9c03d84c2238c79dea00a873463f8b70c9373c348cf54a72bc13d808d57635
Static task: static1
Malware Config
- Extracted family: tofsee
- Extracted domains: svartalfheim.top, jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops file in System32 directory
- Suspicious use of SetThreadContext