General
Target: 0074b841539d67f18a2bbf8d114bae71
Size: 11.5MB
Sample: 220809-zzezhagcbk
MD5: 0074b841539d67f18a2bbf8d114bae71
SHA1: 1198aa16a95b16380130d9d03e53baf46311c870
SHA256: 0a600484ac90b65ad9ead8ec724c55eeb7a5113f15be1cf29e7fc595c856ecc3
SHA512: 53a72378a455d64e5ea61f2305fff2051a6dfac35e236e3cacd4505b004e2a8c5bdda3970f0e2cdfe4fba586406e76afaf4c99cb69cc97da0d18a4d61cf94923
Static task: static1
Behavioral task: behavioral1
  Sample: 0074b841539d67f18a2bbf8d114bae71.exe
  Resource: win7-20220715-en
Malware Config
Extracted: tofsee
  niflheimr.cn
  jotunheim.name
Targets
Target: 0074b841539d67f18a2bbf8d114bae71
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
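As an added example (not code from the sandbox vendor or from this report), the following script parses a flattened report of the form above into structured data: the hashes (checked for correct length and hex alphabet, and checked for agreement where the Targets block repeats the General block), the extracted family and its domains, and the behaviour signatures with their explanatory lines. The embedded sample is an abridged copy of the report above, kept in the original key-on-one-line, value-on-the-next layout including the stray "-" list markers. The set of key names and the rule that a line ending in a period is the description of the preceding signature are assumptions about this layout, not a documented format.

```python
import json
import re

# Assumed layout: these keys carry their value on the following line.
VALUE_KEYS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "Resource"}
TASK_KEYS = {"Static task", "Behavioral task"}
SECTION_KEYS = {"General", "Malware Config", "Extracted", "Targets"}
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)
HEX_RE = re.compile(r"^[0-9a-f]+$", re.I)

# Sample input: abridged copy of the report above (SHA1/SHA512 and the static task omitted).
REPORT = """\
General
-
Target
0074b841539d67f18a2bbf8d114bae71
Size
11.5MB
Sample
220809-zzezhagcbk
MD5
0074b841539d67f18a2bbf8d114bae71
SHA256
0a600484ac90b65ad9ead8ec724c55eeb7a5113f15be1cf29e7fc595c856ecc3
Behavioral task
behavioral1
Sample
0074b841539d67f18a2bbf8d114bae71.exe
Resource
win7-20220715-en
Malware Config
Extracted
tofsee
niflheimr.cn
jotunheim.name
Targets
Target
0074b841539d67f18a2bbf8d114bae71
-
XMRig Miner payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext
"""


def parse_report(text):
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]  # drop bullet-marker residue
    rep = {"general": {}, "tasks": {}, "family": None, "c2": [],
           "signatures": [], "problems": []}
    section = task = None
    i = 0
    while i < len(lines):
        line = lines[i]
        if line in SECTION_KEYS:
            section, task = line, None
        elif line in TASK_KEYS and i + 1 < len(lines):
            section, task = "task", lines[i + 1]
            rep["tasks"][task] = {"kind": line}
            i += 1
        elif line in VALUE_KEYS and i + 1 < len(lines):
            value = lines[i + 1]
            if section == "task":
                rep["tasks"][task][line] = value
            elif rep["general"].setdefault(line, value) != value:
                # Targets repeats General; a mismatch means the report was mangled.
                rep["problems"].append(f"{line} differs: {rep['general'][line]} vs {value}")
            i += 1
        elif section in ("Malware Config", "Extracted"):
            if DOMAIN_RE.match(line):
                rep["c2"].append(line.lower())
            elif rep["family"] is None:
                rep["family"] = line  # first non-domain line is the family name
        elif section == "Targets":
            if line.endswith(".") and rep["signatures"]:
                rep["signatures"][-1]["description"] = line  # assumed: explains previous signature
            else:
                rep["signatures"].append({"name": line, "description": None})
        i += 1
    for algo, n in HASH_LEN.items():  # validate digest length and alphabet
        h = rep["general"].get(algo)
        if h is not None and (len(h) != n or not HEX_RE.match(h)):
            rep["problems"].append(f"{algo} is not a {n}-char hex digest: {h}")
    return rep


def to_iocs(rep):
    """Flatten to (type, value, tag) tuples for a blocklist or hunting query."""
    tag = rep["family"] or "unknown"
    iocs = [(a.lower(), rep["general"][a], tag) for a in HASH_LEN if a in rep["general"]]
    return iocs + [("domain", d, tag) for d in rep["c2"]]


if __name__ == "__main__":
    print(json.dumps(parse_report(REPORT), indent=2))
```

Run it on a saved copy of a report instead of the embedded sample and check `problems` before trusting the hashes; the hex and length checks catch the common copy-and-paste truncations, and the agreement check catches a report whose General and Targets blocks no longer describe the same file.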