General
- Target: 75t70izpt[1].bin
- Size: 302KB
- Sample: 220717-s9xhzaegdl
- MD5: e99f30a09b75de5eb56c172972cc46bc
- SHA1: d50c7c10d7abcb27ba63242a20e5fdd90ad2ae60
- SHA256: 9ff3eb5bac86aef0116488ac380f9d7ea15d27f9d580462fcf3612293525f50f
- SHA512: 4991768653c743e673b3a0a66baf3930aba398f861e10837c4622927ba4bef3cfd4f29afc041163e1970c19c67108e765e94757d2e884bad963b131fb0a69561
Static task: static1
Behavioral task: behavioral1
- Sample: 75t70izpt[1].exe
- Resource: win7-20220414-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 75t70izpt[1].bin
- Size: 302KB
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext