General
- Target: 63263a6a2a9455c1159d95e2afd705167219e9f35ad5d59ef186e25ab02ba1cb
- Size: 313KB
- Sample: 220620-tfhndsedgm
- MD5: b440d803ab42f31567a4d4d61aa4ef94
- SHA1: 232319681df1e403b35fb69d95bd1dfce23b600f
- SHA256: 63263a6a2a9455c1159d95e2afd705167219e9f35ad5d59ef186e25ab02ba1cb
- SHA512: 78808ce22660e9e75615f0aa55e6e74e668d7b7689b020a1b54e7114a3746230ebc8da96882440c89304d50bf135796ad972be0ea3ff7a1237721587d07af497
Static task
- static1

Malware Config
Extracted
- Family: tofsee
- Domains: svartalfheim.top, jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Suspicious use of SetThreadContext