General
- Target: 64990a28573468ad11f07ab14cfdea7c39ae783a5a64cc43b5a99ccdaa39c358
- Size: 240KB
- Sample: 220809-j9sekshch8
- MD5: a96675d14aefba5db3792d44c5a42d6a
- SHA1: c6cf65b6bd73e1801224029537e19c7fffc93ea1
- SHA256: 64990a28573468ad11f07ab14cfdea7c39ae783a5a64cc43b5a99ccdaa39c358
- SHA512: 648e494aee489a43c2e6e86d036770378e70281fe60b111b3388a6a7e4282b85063bb5834fe9ac84d9cf21aae2c1845a92cdd3a576427eeda42e8bb7fd5c44ce
Static task: static1
Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 64990a28573468ad11f07ab14cfdea7c39ae783a5a64cc43b5a99ccdaa39c358
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext