General
Target: 2b306dd2bff7bc569eb2ea4d111f8c28
Size: 10.8MB
Sample: 220809-z2j18saaf3
MD5: 2b306dd2bff7bc569eb2ea4d111f8c28
SHA1: c286e44f212d6dbf904cb3af1f614fa5b9ab78d3
SHA256: a1dd0a256d00b4bd84184b8f619934094bfdbd80aa0b28ddfa47ee42964f0f79
SHA512: 4bc00549885f01cf96b34458dcb0fa5354bdcebdd965f3663a927a94b8c19e8aa47091b8debd394845bff2d016fe2b157f5575c9197a01b2ac875f89ed75432f
Static task: static1
Behavioral task: behavioral1
Sample: 2b306dd2bff7bc569eb2ea4d111f8c28.exe
Resource: win7-20220718-en
Malware Config
Extracted family: tofsee
C2 domains: svartalfheim.top, jotunheim.name
Targets
Target: 2b306dd2bff7bc569eb2ea4d111f8c28 (10.8MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
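The indicators this report yields fall into two groups: the extracted Tofsee C2 domains and the sample hashes (atomic IOCs), and the behavioral signatures (service creation with an ImagePath under the Services key, firewall changes, a drop into System32, a country-code lookup). The following script is an added example, not part of the sandbox report or of any vendor's tooling: it turns both groups into checks and runs them over a few constructed host-telemetry lines. The `type key=value ...` event format, the host name `ws7`, the service name `svc01` and the file name `dropped.exe` are all invented for the demo; only the hashes and domains come from the report.

```python
"""Triage of constructed host telemetry against the indicators in this report.

Added example, not part of the sandbox report or of any vendor's tooling.
The event format and every host/file/service name in EVENTS are constructed;
only the hashes and the two C2 domains are taken from the report.
"""
import hashlib
import re

# Atomic indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "2b306dd2bff7bc569eb2ea4d111f8c28",
    "sha1": "c286e44f212d6dbf904cb3af1f614fa5b9ab78d3",
    "sha256": "a1dd0a256d00b4bd84184b8f619934094bfdbd80aa0b28ddfa47ee42964f0f79",
    "sha512": "4bc00549885f01cf96b34458dcb0fa5354bdcebdd965f3663a927a94b8c19e8aa47091b8debd394845bff2d016fe2b157f5575c9197a01b2ac875f89ed75432f",
}
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# Behaviour rules derived from the report's signatures:
# (event type, field to inspect, compiled regex, finding label).
RULES = [
    ("registry", "key", re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.I),
     "sets service image path in registry"),
    ("registry", "key", re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
     "looks up configured country code (possible geofence)"),
    ("process", "cmdline", re.compile(r"\bnetsh(\.exe)?\b.*\badvfirewall\b", re.I),
     "modifies Windows Firewall via netsh"),
    ("file", "path", re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I),
     "drops file in System32 directory"),
]

# key=value pairs; a value runs until the next " key=" so it may contain spaces.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """'type k=v k=v ...' -> dict with the event type under 'type'."""
    etype, _, rest = line.strip().partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["type"] = etype
    return fields


def hash_bytes(data):
    """Compute all four digests the report lists for an in-memory file image."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(digests):
    """True if any supplied digest equals the report's value for that algorithm."""
    return any(SAMPLE_HASHES.get(alg) == value.lower() for alg, value in digests.items())


def is_c2_domain(name):
    """Exact or subdomain match against the extracted C2 domains."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def findings_for(event):
    out = []
    if event["type"] == "dns" and is_c2_domain(event.get("query", "")):
        out.append("resolves Tofsee C2 domain " + event["query"])
    digests = {alg: event[alg] for alg in SAMPLE_HASHES if alg in event}
    if digests and matches_sample(digests):
        out.append("file hash matches the report's sample")
    for etype, field, rx, label in RULES:
        if event["type"] == etype and rx.search(event.get(field, "")):
            out.append(label)
    return out


def triage(lines):
    """Return {1-based line number: [findings]} for lines hitting at least one check."""
    result = {}
    for n, line in enumerate(lines, 1):
        hits = findings_for(parse_event(line))
        if hits:
            result[n] = hits
    return result


# Constructed telemetry; host, file and service names are invented.
EVENTS = [
    "dns host=ws7 query=svartalfheim.top",
    "dns host=ws7 query=www.jotunheim.name",
    "dns host=ws7 query=ctldl.windowsupdate.com",
    r"file host=ws7 path=C:\Windows\System32\dropped.exe sha256=a1dd0a256d00b4bd84184b8f619934094bfdbd80aa0b28ddfa47ee42964f0f79",
    r"registry host=ws7 key=HKLM\SYSTEM\CurrentControlSet\Services\svc01\ImagePath value=C:\Windows\System32\dropped.exe",
    r"registry host=ws7 key=HKCU\Control Panel\International\Geo\Nation op=read",
    r"process host=ws7 image=C:\Windows\System32\netsh.exe cmdline=netsh advfirewall set allprofiles state off",
    r"process host=ws7 image=C:\Windows\explorer.exe cmdline=explorer.exe",
]

if __name__ == "__main__":
    for n, hits in sorted(triage(EVENTS).items()):
        print(f"line {n}: {'; '.join(hits)}")
```

The hash check is exact by design: a repacked build of the same family will not match, which is why the behavioral rules are worth keeping alongside the IOCs. The `Geo\Nation` rule is the one most likely to fire on benign software (locale-aware installers read it too), so treat it as context for the other findings rather than as an alert on its own.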