General
Target: e785fb3c89fc7bd0d6f31feee702ebd210a6baae54d988f1d7d71e603d862980
Size: 309KB
Sample: 220620-h4x77sabgr
MD5: 68189edeae2fdfca3a1e7ee2054848e5
SHA1: 6013fae0a05874899a3a84923b4de3bbd9e23316
SHA256: e785fb3c89fc7bd0d6f31feee702ebd210a6baae54d988f1d7d71e603d862980
SHA512: 78ba52f1823a5c6794958b939ec3ca0af57483e3eaba9fedf964a3a10f039063abe59b430df807dac014c8978873eabdf9aec5d975b5f66040a8ca65fb3c2df5
Static task: static1

Malware Config
Extracted: tofsee
  svartalfheim.top
  jotunheim.name
Targets
Target: e785fb3c89fc7bd0d6f31feee702ebd210a6baae54d988f1d7d71e603d862980
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext