General
- Target: a4b883962ca4f70c4028cae79b217a555da04463f5143b724e05c1ab20ba7b88
- Size: 306KB
- Sample: 220619-vrzxgsfddk
- MD5: 929451dedc66580436f74fd66b108e28
- SHA1: b3247176a9b487679f69c5a8c545e4960ce0cde9
- SHA256: a4b883962ca4f70c4028cae79b217a555da04463f5143b724e05c1ab20ba7b88
- SHA512: afd034569114735227b10161df337bb0387a61495f5be019ea2754e39c22d47a2c6cc70e96e80e947b7f09d254501af411f2a55f68d7dd11d61dc6f5c8d4e9f2
Static task: static1
Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: a4b883962ca4f70c4028cae79b217a555da04463f5143b724e05c1ab20ba7b88
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext