General
- Target: ef283739c935d0d61788f5b51ac244ff2b9342675cbc4a840b864c41d90dbf50
- Size: 249KB
- Sample: 220615-k568lschbn
- MD5: 991df7949cd2eca2aec598811b5daa44
- SHA1: 3789b677551ac14a2ef2599d1c8602af12ed31c2
- SHA256: ef283739c935d0d61788f5b51ac244ff2b9342675cbc4a840b864c41d90dbf50
- SHA512: e42f406c90a77a868ec0c4b49d97de052d4819f0467fb1d1419d418e2ba1bfc3e3d1dc4bf957e8471e2af79f64be61c4f4ad1f7bf3bc30aedffacd114827b9ea
- Static task: static1
Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext