General
- Target: 9b3ee7eac467590e2d4e7d367b376331
- Size: 14.3MB
- Sample: 220809-z2mr5agdar
- MD5: 9b3ee7eac467590e2d4e7d367b376331
- SHA1: b872ede2230e20b6fd288521512448fc8632dcfb
- SHA256: 5e982aafb8033b6c065e7fe8b8b576475bf83abf1e8f4a519a3435781eca1325
- SHA512: b48b29cf1077391a800dc438da22d359d9a8c44923f94a6337b579d1f902eb7cf6fdb0ebb585b552f6b9a1becfbf62d35bf8e4e71a7d8d7bc3285b67ad3291b9

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 9b3ee7eac467590e2d4e7d367b376331.exe
  - Resource: win7-20220718-en

Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- Target: 9b3ee7eac467590e2d4e7d367b376331 (size 14.3MB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
  - XMRig Miner payload
  - Creates new service(s)
  - Executes dropped EXE
  - Modifies Windows Firewall
  - Sets service image path in registry
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Deletes itself
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext