General

Target: cb95d177b068bdde50cc063e655f75f4f60b275d04148c60d1461a88ad0f445a
Size: 309KB
Sample: 220619-alvqcscbhl
MD5: 95f72025ca3e31ca6471da50e4955c56
SHA1: 8ae5e91e7c0673d43edd1c25c6e25b0a2fe01118
SHA256: cb95d177b068bdde50cc063e655f75f4f60b275d04148c60d1461a88ad0f445a
SHA512: fa23df4679a03d1a092120983cda78ba60614d350300c35a10cd7e137aa5abe7832b3f6a096baddb27707a71252fef01022e41b2aac8bec4db62c9ac403a9c91
Static task: static1

Malware Config (extracted)

Family: tofsee
Domains: svartalfheim.top, jotunheim.name
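The hashes and the two config domains above are the report's indicators. The Python below is an added example (not part of the sandbox report and not code from any Tofsee analysis) showing how a practitioner would apply them: verify that a file on disk is really the sample the report describes by streaming it once through all four digests, and match resolver query names against the config domains, treating subdomains and the trailing dot of FQDN form as hits while rejecting look-alikes such as notjotunheim.name. The DNS log lines, client IPs and timestamps are constructed for the example; the file path is whatever you pass on the command line.

```python
"""Apply the report's IOCs (file hashes and config domains) to local artifacts.
Added example, not part of the sandbox report; the DNS log lines are constructed."""
import hashlib

# Digests exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "95f72025ca3e31ca6471da50e4955c56",
    "sha1": "8ae5e91e7c0673d43edd1c25c6e25b0a2fe01118",
    "sha256": "cb95d177b068bdde50cc063e655f75f4f60b275d04148c60d1461a88ad0f445a",
    "sha512": "fa23df4679a03d1a092120983cda78ba60614d350300c35a10cd7e137aa5abe7"
              "832b3f6a096baddb27707a71252fef01022e41b2aac8bec4db62c9ac403a9c91",
}
# Domains from the extracted tofsee config.
REPORT_DOMAINS = {"svartalfheim.top", "jotunheim.name"}


def hash_bytes(data: bytes) -> dict:
    """Compute all four digests the report lists, lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through all four digests in a single read pass."""
    hs = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hs.items()}


def compare_hashes(observed: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match result; 'all' is True only when every digest matches."""
    result = {algo: observed.get(algo, "").lower() == digest
              for algo, digest in expected.items()}
    result["all"] = all(result.values())
    return result


def domain_matches(qname: str, iocs=REPORT_DOMAINS) -> bool:
    """True if qname is an IOC domain or a subdomain of one.
    Case and the FQDN trailing dot are normalized; 'notjotunheim.name' is not a hit."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in iocs)


# Constructed resolver log lines (not from the report), one query per line.
SAMPLE_DNS_LOG = """\
2022-06-19T10:01:02Z client 10.0.0.17 query: www.example.com A
2022-06-19T10:01:05Z client 10.0.0.17 query: svartalfheim.top. A
2022-06-19T10:01:09Z client 10.0.0.23 query: mail.jotunheim.name A
2022-06-19T10:01:11Z client 10.0.0.23 query: notjotunheim.name A
"""


def find_ioc_queries(log_text: str) -> list:
    """Return (client, qname) pairs whose query name hits a report domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[3] != "query:":
            continue
        client, qname = parts[2], parts[4]
        if domain_matches(qname):
            hits.append((client, qname.rstrip(".").lower()))
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(compare_hashes(hash_file(sys.argv[1])))
    print(find_ioc_queries(SAMPLE_DNS_LOG))
```

Checking all four digests rather than only MD5 matters because MD5 and SHA1 collisions are practical; a mismatch on any single algorithm means the file in hand is not the one the report analysed.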
Targets

Target: cb95d177b068bdde50cc063e655f75f4f60b275d04148c60d1461a88ad0f445a (309KB; MD5, SHA1 and SHA512 as listed under General)
Signatures:

- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
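The signatures above are the sandbox's behavioural observations of one run. To turn the same chain into a host-based detection, the Python below (an added example, not code from the report or from any Tofsee analysis) maps Sysmon and System-log events onto the report's signature names and alerts only when one host accumulates several of them. The events, host names, the service name ntzbqwdy and the file paths are constructed for illustration; the event IDs are real Windows identifiers (Sysmon 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent value set; System 7045 "a service was installed"). The country-code lookup (a registry read) and SetThreadContext are not captured by Sysmon and are left out.

```python
"""Correlate the behaviours listed in the report into one host-based detection.
Added example: the events below are constructed Sysmon/System-log style records,
not telemetry captured from this sample."""
import re
from typing import Iterable

# Sysmon writes registry paths as HKLM\...; a service's binary is its ImagePath value.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
SYSTEM32_PATH = re.compile(r"^C:\\Windows\\System32\\", re.I)
# netsh advfirewall ... add/set/delete covers rule creation and profile changes.
FIREWALL_CHANGE = re.compile(r"\bnetsh(?:\.exe)?\b.*\badvfirewall\b.*\b(?:add|set|delete)\b", re.I)


def tag_event(event: dict, dropped: set) -> set:
    """Return the report signature names that this single event evidences.
    `dropped` is the running set of paths written so far on this host; it is
    updated here and consulted to recognise 'Executes dropped EXE'."""
    tags = set()
    channel, eid = event.get("Channel"), event.get("EventID")
    if channel == "Sysmon" and eid == 11:                 # FileCreate
        path = event.get("TargetFilename", "")
        dropped.add(path.lower())
        if SYSTEM32_PATH.match(path):
            tags.add("Drops file in System32 directory")
    elif channel == "Sysmon" and eid == 13:               # RegistryEvent: value set
        if SERVICE_IMAGEPATH.match(event.get("TargetObject", "")):
            tags.add("Sets service image path in registry")
    elif channel == "Sysmon" and eid == 1:                # ProcessCreate
        if event.get("Image", "").lower() in dropped:
            tags.add("Executes dropped EXE")
        if FIREWALL_CHANGE.search(event.get("CommandLine", "")):
            tags.add("Modifies Windows Firewall")
    elif channel == "System" and eid == 7045:             # SCM: a service was installed
        tags.add("Creates new service(s)")
    return tags


def correlate(events: Iterable[dict], threshold: int = 3) -> dict:
    """Replay events in time order per host; alert when a host shows at least
    `threshold` distinct signatures. Returns {host: {"signatures": [...], "alert": bool}}."""
    per_host, dropped_per_host = {}, {}
    for ev in sorted(events, key=lambda e: e["Time"]):
        host = ev["Host"]
        dropped = dropped_per_host.setdefault(host, set())
        per_host.setdefault(host, set()).update(tag_event(ev, dropped))
    return {h: {"signatures": sorted(t), "alert": len(t) >= threshold}
            for h, t in per_host.items()}


# Constructed events. ws01 mimics the report's behaviour chain; ws02 is a benign
# installer that also drops into System32 and registers a service, but nothing more.
SAMPLE_EVENTS = [
    {"Host": "ws01", "Time": "2022-06-19T10:00:01Z", "Channel": "Sysmon", "EventID": 11,
     "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Windows\System32\ntzbqwdy.exe"},
    {"Host": "ws01", "Time": "2022-06-19T10:00:02Z", "Channel": "Sysmon", "EventID": 13,
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\ntzbqwdy\ImagePath",
     "Details": r"C:\Windows\System32\ntzbqwdy.exe"},
    {"Host": "ws01", "Time": "2022-06-19T10:00:02Z", "Channel": "System", "EventID": 7045,
     "ServiceName": "ntzbqwdy", "ImagePath": r"C:\Windows\System32\ntzbqwdy.exe"},
    {"Host": "ws01", "Time": "2022-06-19T10:00:03Z", "Channel": "Sysmon", "EventID": 1,
     "Image": r"C:\Windows\System32\ntzbqwdy.exe",
     "CommandLine": r"C:\Windows\System32\ntzbqwdy.exe"},
    {"Host": "ws01", "Time": "2022-06-19T10:00:04Z", "Channel": "Sysmon", "EventID": 1,
     "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="ntzbqwdy" dir=in '
                    'action=allow program="C:\\Windows\\System32\\ntzbqwdy.exe"'},
    {"Host": "ws02", "Time": "2022-06-19T10:05:00Z", "Channel": "Sysmon", "EventID": 11,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\vendor.sys"},
    {"Host": "ws02", "Time": "2022-06-19T10:05:01Z", "Channel": "System", "EventID": 7045,
     "ServiceName": "vendor", "ImagePath": r"C:\Windows\System32\drivers\vendor.sys"},
]

if __name__ == "__main__":
    for host, verdict in correlate(SAMPLE_EVENTS).items():
        print(host, "ALERT" if verdict["alert"] else "ok", verdict["signatures"])
```

The threshold is what keeps this usable: any one of these behaviours is common in legitimate software (ws02 drops a driver into System32 and registers a service), so the alert fires on the combination, with the dropped-then-executed file and the firewall rule for that same binary being the strongest links in the chain.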