General
Target: ed5e58efc3975a82f5994bcba7f82b72
Size: 11.9MB
Sample: 220809-zy2f4sgbhr
MD5: ed5e58efc3975a82f5994bcba7f82b72
SHA1: 6faf209a25369d25be59f36eb64906aa318fdd74
SHA256: 88ce97502a44628febe2989f4083f52281bc25d541f37ec59e288eb907f688a4
SHA512: 551dcc517a54d979f721497eed32a370429971a50bf0ce318e31169a35cb78079188518b7b8568483c40d71a156afb94bbe3717c34f8b14ed4834d207ec3fe27
Static task: static1
Behavioral task: behavioral1
Sample: ed5e58efc3975a82f5994bcba7f82b72.exe
Resource: win7-20220718-en

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: ed5e58efc3975a82f5994bcba7f82b72
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext