General
- Target: 24e371013363ecbcb0f217954c925cdebe50656ee46b1f1990396882ffacd390
- Size: 309KB
- Sample: 220618-zas5tsdga3
- MD5: 6f3a3981b383f3608bf96a56af0f7482
- SHA1: 00419c86568aab648915ab55400b73c9519967a0
- SHA256: 24e371013363ecbcb0f217954c925cdebe50656ee46b1f1990396882ffacd390
- SHA512: fb0d580e2ea62b710661257b61dc9966351e1e7507b0d08df323b7eb6c26a72422c15c9e13ba45f27d8d95aacfe28fd839778bbde91a38be74beacde8abe3ac6
Static task
- static1

Malware Config
Extracted
- tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 24e371013363ecbcb0f217954c925cdebe50656ee46b1f1990396882ffacd390
- Size: 309KB
- MD5: 6f3a3981b383f3608bf96a56af0f7482
- SHA1: 00419c86568aab648915ab55400b73c9519967a0
- SHA256: 24e371013363ecbcb0f217954c925cdebe50656ee46b1f1990396882ffacd390
- SHA512: fb0d580e2ea62b710661257b61dc9966351e1e7507b0d08df323b7eb6c26a72422c15c9e13ba45f27d8d95aacfe28fd839778bbde91a38be74beacde8abe3ac6
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext