General
- Target: 81aee89b21522a02b2fd8ba460190f5dc0c9e371d10735d74582a2f216f087be
- Size: 307KB
- Sample: 220619-x6fs9shher
- MD5: 49c0260ae3724c8b1028d764efc4f2a7
- SHA1: 668fe56f98f6ec8c3ff8dad2f007fabb72ff82a4
- SHA256: 81aee89b21522a02b2fd8ba460190f5dc0c9e371d10735d74582a2f216f087be
- SHA512: 6074ba0235776b0bbc60044bd0487857dce708ad8397a9edf69fb0f255b819933c6379f386db346e41c811ae68ede7903d189e11efe98d8e9e87e33d43034b58
Static task: static1
Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 81aee89b21522a02b2fd8ba460190f5dc0c9e371d10735d74582a2f216f087be
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext