General
- Target: a50bcdae370bb27fea533b447c1f03556a03a26396dddfe40eac4ffd795969fc
- Size: 307KB
- Sample: 220619-t4mx1sfcdj
- MD5: f18c087687741a0fd9b8db8024c97318
- SHA1: 5989698f7b4afe6c79960c41257d0e90fb49f387
- SHA256: a50bcdae370bb27fea533b447c1f03556a03a26396dddfe40eac4ffd795969fc
- SHA512: 6f97373814c5f131907c560202cc4e18734d19773a2799074e53a6fed814e8876e3657fdd526999c1aa6f85951d11f98f705b2223e5b70d4f34acbe7e8c6dc00
Static task: static1

Malware Config
Extracted
- tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: a50bcdae370bb27fea533b447c1f03556a03a26396dddfe40eac4ffd795969fc
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext