General
- Target: 5341d980bb935f41c8a0854ad9351ea7
- Size: 12.4MB
- Sample: 220809-z2a4bsaad9
- MD5: 5341d980bb935f41c8a0854ad9351ea7
- SHA1: 0c6cc116a730efaa24d4fd537ffac420b61bba17
- SHA256: 720b572ffbf5f17e3d163cb5f7209fcff796d2b644069678c91088ec5c15a317
- SHA512: f1e89000cebce74e0526d02f74e0994aa4d0b09d47f436603774a1e12e0f13916f7548015618989c4c3692b79d519ed61d2512017b0ac5bda955c10c8f9d2973
Static task: static1
Behavioral task: behavioral1
- Sample: 5341d980bb935f41c8a0854ad9351ea7.exe
- Resource: win7-20220718-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 5341d980bb935f41c8a0854ad9351ea7
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext