General
- Target: 1bb93b18ce319243c257c190ae50254cae4457f888285c1575e4c50a5c4d6f25
- Size: 307KB
- Sample: 220619-q3engaegal
- MD5: 7482605c4adcb2a4cf1fca140c2e1708
- SHA1: c793eae3026db3295c3aa66f55d8a05b1b55d45d
- SHA256: 1bb93b18ce319243c257c190ae50254cae4457f888285c1575e4c50a5c4d6f25
- SHA512: c91cfc8902bad668d35475a4ce247901b106910c3168f1a11fcc95e43ba115e5119c838ac0dedcb6139eaaf3c976ca586c65a29837eacf4a81f962229f6e16ec
Static task: static1

Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops file in System32 directory
- Suspicious use of SetThreadContext