General
- Target: c5c46e466fe211510aaabea60c3362aeaec77ddfbd963fff1864e84f2435d1bd
- Size: 340KB
- Sample: 220810-m2pkhahdbm
- MD5: 7be1e28c2e225cf04dcae70148c43cb2
- SHA1: 3f1d9ec8a16913dc666754c5da556753823f5ad6
- SHA256: c5c46e466fe211510aaabea60c3362aeaec77ddfbd963fff1864e84f2435d1bd
- SHA512: b1a1016c85a4317833f2d79c82cf1669519034e1629f85be96c58daefdb970621b3c1459f643b0fdd097c7291d82727ff7d0d2ec098966aa2d84bdff94f7c92b
Static task
- static1

Malware Config
Extracted
- tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: c5c46e466fe211510aaabea60c3362aeaec77ddfbd963fff1864e84f2435d1bd
- Size: 340KB
- MD5: 7be1e28c2e225cf04dcae70148c43cb2
- SHA1: 3f1d9ec8a16913dc666754c5da556753823f5ad6
- SHA256: c5c46e466fe211510aaabea60c3362aeaec77ddfbd963fff1864e84f2435d1bd
- SHA512: b1a1016c85a4317833f2d79c82cf1669519034e1629f85be96c58daefdb970621b3c1459f643b0fdd097c7291d82727ff7d0d2ec098966aa2d84bdff94f7c92b
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext