General

Target: 0f0f8a4b64b4ad8e33b40cb4eb2fe3f9abe96433838c535079c66b76e45104ef
Size: 240KB
Sample: 220809-zhvnmahdf8
MD5: bf4f2337ee57b43e4b9ba34a77d14c86
SHA1: 50f3f6e0865b50539a2f9f6710ce15f0ddec0116
SHA256: 0f0f8a4b64b4ad8e33b40cb4eb2fe3f9abe96433838c535079c66b76e45104ef
SHA512: 47786aa29f305a73a3d446cd251a30da185518cb8c3fc298fb280f0637d68512913f5efded90214f1a8d4e6efb251bdae33be34bc765d129017b198840a6bef4
Static task: static1

Malware Config

Extracted family: tofsee
Extracted C2 hosts:
- svartalfheim.top
- jotunheim.name
Targets

Target: 0f0f8a4b64b4ad8e33b40cb4eb2fe3f9abe96433838c535079c66b76e45104ef
Size: 240KB
MD5: bf4f2337ee57b43e4b9ba34a77d14c86
SHA1: 50f3f6e0865b50539a2f9f6710ce15f0ddec0116
SHA256: 0f0f8a4b64b4ad8e33b40cb4eb2fe3f9abe96433838c535079c66b76e45104ef
SHA512: 47786aa29f305a73a3d446cd251a30da185518cb8c3fc298fb280f0637d68512913f5efded90214f1a8d4e6efb251bdae33be34bc765d129017b198840a6bef4

Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext