General
- Target: e04fd6d39fbbee850cee3ebb9573e44d28d357c7683f59fc3e76a741d7d5cec5
- Size: 259KB
- Sample: 220615-lvzw8adbhr
- MD5: 9591d38da291e3957ab1bdcbe57b67c1
- SHA1: 8a305301e733d607ef478b0bb26465f6db3bb1e0
- SHA256: e04fd6d39fbbee850cee3ebb9573e44d28d357c7683f59fc3e76a741d7d5cec5
- SHA512: c95b19bc274bc6bbb5a3c4578b84a5b952342a8359076f1fded4679f61dad33c2dbc271fd7e098249acd15ba625aee5052f178704cc5a7109e77262d7e08fcb0
Static task: static1
Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: e04fd6d39fbbee850cee3ebb9573e44d28d357c7683f59fc3e76a741d7d5cec5
- Size: 259KB
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext