General
Target: 52403e9ecb979da03968dee33f93d82195840c1dfa78d603bb3a0438411fef9d
Size: 309KB
Sample: 220620-e5yzcaeear
MD5: b018a63655e1b744520f6722d46543c8
SHA1: a87df4af49329c313e31a327a1f6de604a858d18
SHA256: 52403e9ecb979da03968dee33f93d82195840c1dfa78d603bb3a0438411fef9d
SHA512: 8cc920a18a06c9ebeb17e14a47ca262bee23109943f9026ddaa09bb72edb402e56ebd41849f9fee302641cdef9736118504901408ad7d9a78c8291fa9045b686
Static task: static1

Malware Config
Extracted
Family: tofsee
C2: svartalfheim.top, jotunheim.name
Targets
Target: 52403e9ecb979da03968dee33f93d82195840c1dfa78d603bb3a0438411fef9d
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
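The behaviour signatures above are the sandbox's own, rule-based summary of what the sample did at runtime. As an added example (not code from the report or from the sandbox vendor), the Python below replays a constructed event trace through simple rules that reproduce the seven dynamic signatures listed. The event dictionary shapes, the API-call names used as triggers, the service name, and every file path are assumptions made for the example; the two registry locations (the service ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services and the country code in HKCU\Control Panel\International\Geo\Nation) are the real ones these checks key on. The static "XMRig Miner Payload" signature is a file-content match and is not modelled here.

```python
"""Map a constructed API/registry/file trace onto the behaviour signatures
listed in the sandbox report.  Added example, not the sandbox's own code."""
import re

# Signature names as they appear in the report.
SIG_SERVICE_CREATED = "Creates new service(s)"
SIG_DROPPED_EXE = "Executes dropped EXE"
SIG_FIREWALL = "Modifies Windows Firewall"
SIG_IMAGE_PATH = "Sets service image path in registry"
SIG_GEOFENCE = "Checks computer location settings"
SIG_SYSTEM32_DROP = "Drops file in System32 directory"
SIG_SET_THREAD_CONTEXT = "Suspicious use of SetThreadContext"

# Service binary path: HKLM\SYSTEM\CurrentControlSet\Services\<name>, value ImagePath.
_RE_IMAGE_PATH = re.compile(r"\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)
# Country code the OS stores for the user: HKCU\Control Panel\International\Geo, value Nation.
_RE_GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
_RE_SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.I)
_RE_NETSH_FIREWALL = re.compile(r"\bnetsh(?:\.exe)?\b.*firewall", re.I)


def classify(events):
    """Return the set of report signatures triggered by a list of event dicts.

    Event shapes (assumed; constructed for this example, not a real trace format):
      {"type": "file_create",    "path": ...}
      {"type": "process_create", "image": ..., "cmdline": ...}
      {"type": "reg_set",        "key": ..., "value": ..., "data": ...}
      {"type": "reg_query",      "key": ..., "value": ...}
      {"type": "api_call",       "api": ...}
    """
    hits = set()
    dropped = set()  # lower-cased paths written earlier in the trace
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            dropped.add(ev["path"].lower())
            if _RE_SYSTEM32.match(ev["path"]):
                hits.add(SIG_SYSTEM32_DROP)
        elif kind == "process_create":
            # "Executes dropped EXE": the process image is a file this trace created.
            if ev["image"].lower() in dropped:
                hits.add(SIG_DROPPED_EXE)
            if _RE_NETSH_FIREWALL.search(ev.get("cmdline", "")):
                hits.add(SIG_FIREWALL)
        elif kind == "reg_set":
            if _RE_IMAGE_PATH.search(ev["key"] + "\\" + ev["value"]):
                hits.add(SIG_IMAGE_PATH)
        elif kind == "reg_query":
            if _RE_GEO_NATION.search(ev["key"] + "\\" + ev["value"]):
                hits.add(SIG_GEOFENCE)
        elif kind == "api_call":
            if ev["api"] in ("CreateServiceA", "CreateServiceW"):
                hits.add(SIG_SERVICE_CREATED)
            elif ev["api"] == "SetThreadContext":
                hits.add(SIG_SET_THREAD_CONTEXT)
    return hits


# Constructed trace (hypothetical names and paths; NOT taken from the report).
SAMPLE_EVENTS = [
    {"type": "reg_query", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "file_create", "path": r"C:\Windows\System32\dropped_example.exe"},
    {"type": "api_call", "api": "CreateServiceW"},
    {"type": "reg_set", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\example_svc",
     "value": "ImagePath", "data": r"C:\Windows\System32\dropped_example.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\dropped_example.exe", "cmdline": ""},
    {"type": "process_create", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r'netsh advfirewall firewall add rule name="example" dir=in action=allow '
                r'program="C:\Windows\System32\dropped_example.exe"'},
    {"type": "api_call", "api": "SetThreadContext"},
    # Benign noise that must not trigger anything.
    {"type": "file_create", "path": r"C:\Users\user\AppData\Local\Temp\notes.txt"},
    {"type": "reg_query", "key": r"HKCU\Software\Example", "value": "Version"},
]

BENIGN_EVENTS = SAMPLE_EVENTS[-2:]

if __name__ == "__main__":
    for sig in sorted(classify(SAMPLE_EVENTS)):
        print(sig)
```

Two points the trace makes visible that the flat list does not: the service ImagePath write and the CreateService call are the same persistence step seen from two vantage points (registry versus API), and "Executes dropped EXE" is a stateful rule that only fires because the file-create event for the same path came earlier in the trace. The geofence check is just a registry read of HKCU\Control Panel\International\Geo\Nation; a sandbox whose default locale matches a family's excluded region will see the sample read that value and then exit without the service or miner activity that follows here.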