General
Target: 681d676c4efe46bd2f71f6b162ec3da09928eb461f5ed953d6b33dcb59d61ccb
Size: 241KB
Sample: 220809-pfv69saahp
MD5: eb7b4cf9eb4c2a45fd5b979562d315b6
SHA1: f43f2ada8f906a9b9d07d050691778e453b7d20f
SHA256: 681d676c4efe46bd2f71f6b162ec3da09928eb461f5ed953d6b33dcb59d61ccb
SHA512: d477cbb72bd1da59f68e248287cba8edd1c7744b3028d66c3dcd752a424f334e6217cac0c183bf1e05c2429b8fab968282f9bb23db85bafa0dfe0471d902e314
Static task: static1
Malware Config
Extracted
Family: tofsee
C2: svartalfheim.top
C2: jotunheim.name
Targets
Target: 681d676c4efe46bd2f71f6b162ec3da09928eb461f5ed953d6b33dcb59d61ccb
Size: 241KB
MD5: eb7b4cf9eb4c2a45fd5b979562d315b6
SHA1: f43f2ada8f906a9b9d07d050691778e453b7d20f
SHA256: 681d676c4efe46bd2f71f6b162ec3da09928eb461f5ed953d6b33dcb59d61ccb
SHA512: d477cbb72bd1da59f68e248287cba8edd1c7744b3028d66c3dcd752a424f334e6217cac0c183bf1e05c2429b8fab968282f9bb23db85bafa0dfe0471d902e314
Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
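The hashes and the two extracted C2 domains above are the indicators a responder would actually sweep for. The following Python is an added example, not part of the sandbox report or the Tofsee analysis tooling: it checks a file's digests against the report's four hashes and scans DNS query log lines for the C2 domains, matching subdomains and ignoring case and a trailing dot. The file bytes and the log lines are constructed for the demonstration, and the log format is an assumption (one query per line as `<timestamp> <client-ip> query <name> <type>`), so adapt the regex to your resolver's format.

```python
"""Match artifacts against the IOCs from this Tofsee sandbox report.

Added example, not from the original report: the hash values and the two C2
domains are copied from the report; the file bytes and DNS log lines are
constructed for demonstration and are not from the sample run.
"""
import hashlib
import re

# Hashes of the analysed sample, copied from the report.
SAMPLE_HASHES = {
    "md5": "eb7b4cf9eb4c2a45fd5b979562d315b6",
    "sha1": "f43f2ada8f906a9b9d07d050691778e453b7d20f",
    "sha256": "681d676c4efe46bd2f71f6b162ec3da09928eb461f5ed953d6b33dcb59d61ccb",
    "sha512": "d477cbb72bd1da59f68e248287cba8edd1c7744b3028d66c3dcd752a424f334e"
              "6217cac0c183bf1e05c2429b8fab968282f9bb23db85bafa0dfe0471d902e314",
}

# C2 domains from the extracted Tofsee config.
C2_DOMAINS = ("svartalfheim.top", "jotunheim.name")


def digest_file_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_matches(data: bytes) -> list:
    """Names of the algorithms whose digest of data equals the report's value."""
    computed = digest_file_bytes(data)
    return [name for name, value in computed.items() if value == SAMPLE_HASHES[name]]


def domain_matches_ioc(qname: str, iocs=C2_DOMAINS) -> bool:
    """True if qname is an IOC domain or a subdomain of one.

    Case-insensitive and tolerant of a trailing dot, so 'MAIL.svartalfheim.top.'
    matches, while a look-alike such as 'notsvartalfheim.top' does not.
    """
    host = qname.strip().rstrip(".").lower()
    return any(host == ioc or host.endswith("." + ioc) for ioc in iocs)


# Constructed DNS query log lines (assumed format, not from the sandbox run).
SAMPLE_DNS_LOG = """\
2022-08-09T10:01:02Z 10.0.0.15 query svartalfheim.top A
2022-08-09T10:01:03Z 10.0.0.15 query www.microsoft.com A
2022-08-09T10:01:05Z 10.0.0.22 query JOTUNHEIM.NAME. A
2022-08-09T10:01:07Z 10.0.0.15 query notsvartalfheim.top A
2022-08-09T10:01:09Z 10.0.0.31 query mx1.jotunheim.name MX
"""

# Assumed line layout: "<timestamp> <client-ip> query <name> <type>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+(\S+)$")


def scan_dns_log(text: str, iocs=C2_DOMAINS) -> list:
    """Return (timestamp, client_ip, qname) for every query hitting an IOC domain."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        ts, client, qname, _rtype = m.groups()
        if domain_matches_ioc(qname, iocs):
            hits.append((ts, client, qname))
    return hits


if __name__ == "__main__":
    # Constructed stand-in for a file under investigation; it will not match.
    suspect = b"not the real sample"
    print("hash matches:", hash_matches(suspect))
    for ts, client, qname in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {client} -> {qname}")
```

The hash check is exact-match only, so a repacked or re-signed build of the same family will not hit it; the domain check is the more durable of the two indicators, but Tofsee operators rotate infrastructure, so treat both as point-in-time data from this report rather than a standing rule.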