General
Target: 0faef9ad6868b6da2b75cccd3970cbf9d23365a7b2052d66424960eb643b00bb
Size: 307KB
Sample: 220619-2b57wseddm
MD5: 158378ad7bbc129f422b11949c2632cd
SHA1: 14937298efeff57bbcc374ffaf6def86c6217189
SHA256: 0faef9ad6868b6da2b75cccd3970cbf9d23365a7b2052d66424960eb643b00bb
SHA512: 58aede7b4261c28dd2a919b364b2f0c9c4d77c54f234c9d88bbb59bc7e00a57cfa0438565b75ea91f7530a73be8b466acda70413e654a3ff054cc67961ad7ce5
Static task: static1
Malware Config (extracted)
Family: tofsee
Domains: svartalfheim.top, jotunheim.name
Targets
Target: 0faef9ad6868b6da2b75cccd3970cbf9d23365a7b2052d66424960eb643b00bb (307KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Drops file in System32 directory
- Suspicious use of SetThreadContext
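The signatures above describe host behaviour that endpoint telemetry can also catch outside the sandbox. The following is an added example, not part of the report or of any sandbox vendor's code: it runs simple detection logic for the file-drop, service, firewall, dropped-EXE-execution and country-code-lookup signatures over a constructed, simplified Sysmon-style event stream (event IDs 1, 11, 12, 13; the paths, the service name "qwhxlrjv" and the command lines are made up for the example). One caveat a practitioner should keep in mind: Sysmon has no registry-read event, so a direct in-process read of HKCU\Control Panel\International\Geo\Nation (the value that holds the configured country) leaves no Sysmon trace. The check below only fires when the lookup goes through a reg.exe child process; the general case needs API-level monitoring of the kind a sandbox provides.

```python
"""Flag report-style behavioural signatures in a Sysmon-like event stream.

Added example with constructed events. Event IDs follow Sysmon:
1 ProcessCreate, 11 FileCreate, 12 RegistryEvent (key create),
13 RegistryEvent (value set). Field names are simplified stand-ins for
Sysmon's Image / TargetFilename / TargetObject / Details / CommandLine.
"""
import re

# Constructed events. Nothing here comes from the sandbox run; the service
# name "qwhxlrjv" and the paths exist only to exercise the checks.
SAMPLE_EVENTS = [
    {"id": 11, "image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "target": r"C:\Windows\System32\qwhxlrjv.exe"},
    {"id": 12, "image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\qwhxlrjv"},
    {"id": 13, "image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\qwhxlrjv\ImagePath",
     "details": r"C:\Windows\System32\qwhxlrjv.exe"},
    {"id": 1, "image": r"C:\Windows\System32\qwhxlrjv.exe",
     "parent": r"C:\Windows\System32\services.exe",
     "cmdline": r"C:\Windows\System32\qwhxlrjv.exe"},
    {"id": 1, "image": r"C:\Windows\System32\netsh.exe",
     "parent": r"C:\Windows\System32\qwhxlrjv.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="qwhxlrjv" '
                'dir=in action=allow program="C:\\Windows\\System32\\qwhxlrjv.exe"'},
    # Only catchable in Sysmon because the lookup is done via reg.exe;
    # an in-process RegQueryValueEx on the same key would not be logged.
    {"id": 1, "image": r"C:\Windows\System32\reg.exe",
     "parent": r"C:\Windows\System32\qwhxlrjv.exe",
     "cmdline": r'reg query "HKCU\Control Panel\International\Geo" /v Nation'},
    # Benign noise that must not trigger anything.
    {"id": 1, "image": r"C:\Windows\explorer.exe",
     "parent": r"C:\Windows\System32\userinit.exe",
     "cmdline": r"C:\Windows\explorer.exe"},
    {"id": 11, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\victim\Desktop\notes.txt"},
]

SERVICE_KEY_RE = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\([^\\]+)$", re.I)
IMAGE_PATH_RE = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\([^\\]+)\\ImagePath$", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
FIREWALL_RE = re.compile(r"\bfirewall\b.*\b(add|set|delete)\b", re.I)
GEO_RE = re.compile(r"Control Panel\\International\\Geo", re.I)


def analyze(events):
    """Return {signature_name: [evidence, ...]} for the signatures seen."""
    findings = {}
    dropped = set()  # lower-cased paths of files created earlier in the trace

    def hit(name, evidence):
        findings.setdefault(name, []).append(evidence)

    for ev in events:
        eid, target = ev["id"], ev.get("target", "")
        if eid == 11:
            dropped.add(target.lower())
            if SYSTEM32_RE.match(target):
                hit("drops_file_in_system32", target)
        elif eid == 12:
            m = SERVICE_KEY_RE.match(target)
            if m:
                hit("creates_new_service", m.group(1))
        elif eid == 13:
            m = IMAGE_PATH_RE.match(target)
            if m:
                hit("sets_service_image_path",
                    f"{m.group(1)} -> {ev.get('details', '')}")
        elif eid == 1:
            image, cmd = ev["image"], ev.get("cmdline", "")
            # A process whose image was written earlier in this trace.
            if image.lower() in dropped:
                hit("executes_dropped_exe", image)
            if image.lower().endswith("\\netsh.exe") and FIREWALL_RE.search(cmd):
                hit("modifies_windows_firewall", cmd)
            if GEO_RE.search(cmd):
                hit("checks_computer_location", cmd)
    return findings


if __name__ == "__main__":
    for name, evidence in analyze(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for item in evidence:
            print("   ", item)
```

The ordering matters for the dropped-EXE check: a process-create event for a path is only flagged if a file-create for the same path came earlier in the stream, which is exactly the "drop then run" pattern the report's "Executes dropped EXE" signature names. Real Sysmon output arrives as XML or EVTX, so a production version would map TargetFilename/TargetObject/CommandLine onto these simplified keys before calling analyze().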