General
Target: d9c3f9bb75b83a8715aae0e419e25345
Size: 13.8MB
Sample: 220809-zy8v7ahhg2
MD5: d9c3f9bb75b83a8715aae0e419e25345
SHA1: 697c2d588c11f3f67fce36ff79abadc4b7f98289
SHA256: a3f09390b84ed04bfd2cab6116a91f90db66736347cc6b35b89a1bae5bc0acd3
SHA512: d1aba9fea4e9c41e99290d52603657af87c5c0a9190dc4e3895da3f0a639553437158cecf44627fb5d1c5f491621ba85fc37794d5730b3124afc1929d17a9ad8

Static task: static1
Behavioral task: behavioral1
Sample: d9c3f9bb75b83a8715aae0e419e25345.exe
Resource: win7-20220718-en

Malware Config
Extracted: tofsee
niflheimr.cn
jotunheim.name
Targets
Target: d9c3f9bb75b83a8715aae0e419e25345
Size: 13.8MB
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext