General
- Target: f5363f499adb3f80d67dc2547b374bfe0fd49d597fdf882465ac8f9720af6652
- Size: 244KB
- Sample: 220808-3r92fsbhc2
- MD5: befda229672d7c70e60c3bb6f7708e66
- SHA1: a26d0722e84caca33614e59ac77b41f1411d6acb
- SHA256: f5363f499adb3f80d67dc2547b374bfe0fd49d597fdf882465ac8f9720af6652
- SHA512: e3ba4b11d2b345bff20a6c945396feae3d2dd5a814f951fdb39d06dcf1b380a169468b81402c7d7d5e9bc7ea0c9df14c81ad662a93b9f7b50fd56d2cce3ec305
Static task: static1
Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- Target: f5363f499adb3f80d67dc2547b374bfe0fd49d597fdf882465ac8f9720af6652
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext