General
- Target: 2396dc5f7cdfc7aa5d11dea9cc9f2cdb7c9b417c8c0c418e7064b859ff7b6839
- Size: 278KB
- Sample: 220808-3bg1qsbfa4
- MD5: 95b83d55dc12ecbf13bc7408a004f32f
- SHA1: 96ffccc96458c8e903e79fd9ee4264df35fedf3f
- SHA256: 2396dc5f7cdfc7aa5d11dea9cc9f2cdb7c9b417c8c0c418e7064b859ff7b6839
- SHA512: e0454c87e842b1df7d5e47223785b17fb23c8ed53c7054a32dfc5f332ae5cf720034d61ac1dad55ededc980e9fa2c20cab020815279ff3a7cfb6f5a55638a635

Static task
- static1

Malware Config
Extracted
- Family: tofsee
- C2: svartalfheim.top
- C2: jotunheim.name

Targets
- Target: 2396dc5f7cdfc7aa5d11dea9cc9f2cdb7c9b417c8c0c418e7064b859ff7b6839
- Size: 278KB
- MD5: 95b83d55dc12ecbf13bc7408a004f32f
- SHA1: 96ffccc96458c8e903e79fd9ee4264df35fedf3f
- SHA256: 2396dc5f7cdfc7aa5d11dea9cc9f2cdb7c9b417c8c0c418e7064b859ff7b6839
- SHA512: e0454c87e842b1df7d5e47223785b17fb23c8ed53c7054a32dfc5f332ae5cf720034d61ac1dad55ededc980e9fa2c20cab020815279ff3a7cfb6f5a55638a635

Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext