General
Target: 114e5ed75459a26e4e873bc8c125518acff1a9c47006f4a27c2bd0f549dc093e
Size: 309KB
Sample: 220618-wlly4sadej
MD5: 8b3e8043a2734b4bf0a03dce854369ba
SHA1: 91170e3a6e5e46a45e31304a2e0eace2efdbb4df
SHA256: 114e5ed75459a26e4e873bc8c125518acff1a9c47006f4a27c2bd0f549dc093e
SHA512: 54cd639a10b21337fce9bc88eb3032ba01d483284ffcdc31b635315ac4c588da4267748b3982965674ce48d44c78ba8e8b15ed1ead1a01d118686c17f2c94b3c

Static task: static1

Malware Config
Extracted: tofsee
C2 domains:
- svartalfheim.top
- jotunheim.name

Targets
Target: 114e5ed75459a26e4e873bc8c125518acff1a9c47006f4a27c2bd0f549dc093e
Size: 309KB
MD5: 8b3e8043a2734b4bf0a03dce854369ba
SHA1: 91170e3a6e5e46a45e31304a2e0eace2efdbb4df
SHA256: 114e5ed75459a26e4e873bc8c125518acff1a9c47006f4a27c2bd0f549dc093e
SHA512: 54cd639a10b21337fce9bc88eb3032ba01d483284ffcdc31b635315ac4c588da4267748b3982965674ce48d44c78ba8e8b15ed1ead1a01d118686c17f2c94b3c

Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext