General
- Target: b76ba2ffa2458c5aa1f0443963e3e4947146f4f467db98a1fc2b453dd49d7e58
- Size: 241KB
- Sample: 220809-hwv3waefbj
- MD5: b38087a2cc157ab5c09fddbf4537e3bd
- SHA1: c68eaa8e2b7f1b2d90409b215dab712925eaac4a
- SHA256: b76ba2ffa2458c5aa1f0443963e3e4947146f4f467db98a1fc2b453dd49d7e58
- SHA512: 06cc6d8c4a4d91a30fa5e7dd9a605d904b42c8ac4e9c71d8d41ce2ec288954cba7cf6bc14e1a2116c296e065e31f6f7c703c45a4f080b807cb1eb187f1cd99fc
Static task: static1
Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- Target: b76ba2ffa2458c5aa1f0443963e3e4947146f4f467db98a1fc2b453dd49d7e58 (241KB; hashes as listed under General)
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext