General

Target: cd8237a11ff6868a382d02376af8de9ff1ca8f7cac5be55b00e48cac99f0dc87
Size: 299KB
Sample: 220619-gv6ybadcbp
MD5: 75bea6bd8684c6cfb397940e7282e996
SHA1: 896580e567940a71a2bb5fe25d66f19f4ccd8955
SHA256: cd8237a11ff6868a382d02376af8de9ff1ca8f7cac5be55b00e48cac99f0dc87
SHA512: f50f768c8495d191e03f7baa03024502de8d42e1bf9d8c81fa94a92f3a8645029a772c391e9ff12564c2806e793d041018bf5e65265dbbc14ef2ae183f38f746
Static task: static1

Malware Config

Extracted family: tofsee
C2 domains:
svartalfheim.top
jotunheim.name
Targets

Target: cd8237a11ff6868a382d02376af8de9ff1ca8f7cac5be55b00e48cac99f0dc87 (the same 299KB file; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
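The hashes and the two extracted domains above are the actionable part of this report. The following is an added example, not part of the sandbox report, showing how a responder would turn them into an offline triage check: the DNS log format, the matching rules (exact domain or subdomain, case-insensitive, trailing dot tolerated) and the sample bytes are assumptions constructed for illustration; only the digests and domains are taken from the report.

```python
# Added example (not part of the sandbox report): turn the report's indicators into
# an offline triage check. The hashes and domains are the ones the report lists;
# the DNS records and the file bytes below are constructed for illustration.
import hashlib

# Indicators copied from the report
REPORT_HASHES = {
    "md5": "75bea6bd8684c6cfb397940e7282e996",
    "sha1": "896580e567940a71a2bb5fe25d66f19f4ccd8955",
    "sha256": "cd8237a11ff6868a382d02376af8de9ff1ca8f7cac5be55b00e48cac99f0dc87",
    "sha512": "f50f768c8495d191e03f7baa03024502de8d42e1bf9d8c81fa94a92f3a8645029"
              "a772c391e9ff12564c2806e793d041018bf5e65265dbbc14ef2ae183f38f746",
}
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}


def normalize_domain(name: str) -> str:
    """Lower-case the name and strip the trailing dot DNS logs often keep on FQDNs."""
    return name.strip().lower().rstrip(".")


def match_c2(qname: str, c2_domains=C2_DOMAINS):
    """Return the C2 domain that qname is, or is a subdomain of; None otherwise.

    Look-alikes such as 'notsvartalfheim.top' must not match, which is why the
    check is 'equal or ends with ".<domain>"' rather than a plain endswith().
    """
    q = normalize_domain(qname)
    for domain in c2_domains:
        if q == domain or q.endswith("." + domain):
            return domain
    return None


def scan_dns_log(lines):
    """Return (client, queried name, matched C2 domain) for every hit.

    Assumes whitespace-separated 'timestamp client qname' records (a constructed
    format; adjust the split for your own DNS logging pipeline).
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # blank or malformed record
        _ts, client, qname = fields[:3]
        matched = match_c2(qname)
        if matched:
            hits.append((client, normalize_domain(qname), matched))
    return hits


def hashes_matching_report(data: bytes):
    """Return the names of the report's digests that the given bytes reproduce."""
    return sorted(
        algo for algo, digest in REPORT_HASHES.items()
        if hashlib.new(algo, data).hexdigest() == digest
    )


# Constructed DNS records: an exact hit with a trailing dot, a mixed-case subdomain
# hit, a look-alike that must not match, and a benign query.
SAMPLE_DNS_LOG = [
    "2022-06-19T10:00:01Z 10.0.0.5 svartalfheim.top.",
    "2022-06-19T10:00:02Z 10.0.0.5 mail.JOTUNHEIM.name",
    "2022-06-19T10:00:03Z 10.0.0.7 notsvartalfheim.top",
    "2022-06-19T10:00:04Z 10.0.0.9 example.com",
]

if __name__ == "__main__":
    for client, qname, domain in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} queried {qname} (Tofsee C2 indicator: {domain})")
    # Bytes that are not the sample reproduce none of the four digests.
    print(hashes_matching_report(b"constructed bytes, not the sample"))
```

Run it against a real DNS export by replacing SAMPLE_DNS_LOG with the file's lines; a file that is the reported sample returns all four digest names from hashes_matching_report, and any mismatch among them (for example SHA256 matching but MD5 not) indicates a transcription error in the indicators rather than a different file.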