General
- Target: 806200528183d464a99020dad85f149055adec65bad621aa7f18576449eea8cd
- Size: 308KB
- Sample: 220618-3anrwsbhfq
- MD5: 8a4cfe664de33869188261cc15e7c522
- SHA1: 58703bc45a299be2849a1730b9c3628d2658b86b
- SHA256: 806200528183d464a99020dad85f149055adec65bad621aa7f18576449eea8cd
- SHA512: 524aa73642703f302fd71ae3b71aeccfff91edd2ab7bcb74e22fd9cbd7874221d5a94276c1bf679ab4ab96295bde4dbd63ff4400c9bb4e3fd36b38918f3e4c04
Static task: static1
Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext