General
-
Target
7e5fcb0d7778f748a3918378ed5db822
-
Size
13.1MB
-
Sample
220809-zyfjmsgbfp
-
MD5
7e5fcb0d7778f748a3918378ed5db822
-
SHA1
1706be828b80453959adba017e3f1026672b15d5
-
SHA256
ae0a28272124703a2f7bb1690929e771c6a90e5dee9f7c614bb818aba41a41c7
-
SHA512
7f0055c7db02e3a68ff9f0bb34040c65699fbdc7af7481ed9d2c41690360de3a3f774050d454b87bf39faa2176fdf56d83f203f8b1869c34c164055c6e5d6f2b
Static task
static1
Behavioral task
behavioral1
Sample
7e5fcb0d7778f748a3918378ed5db822.exe
Resource
win7-20220718-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
XMRig Miner payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-