General

Target: 427b8a704357bad4c684fc4d3e0edda8.exe
Size: 293KB
Sample: 220719-w12m4sggfn
MD5: 427b8a704357bad4c684fc4d3e0edda8
SHA1: 08598136547fb36d2784ca6f4126b7ae42333885
SHA256: 2f5b289a8dcb26ed9389a49687e513f162ed3145469a5cb90f0aab45c699c3d9
SHA512: 78545c33e7758345a367eb9ea4c2eae9dda2bec88e1591d7f8afb5ffe069c5764768f99cc3aa14a4a88e1095dff3fa972904955d39da7aa05271f2c54acf8009
Static task: static1
Behavioral task: behavioral1
Sample: 427b8a704357bad4c684fc4d3e0edda8.exe
Resource: win7-20220718-en

Malware Config

Extracted: tofsee
Domains:
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext