General
- Target: ebe01122cf936ff383e04138cab3562215ee5e5100a81ec723c00daae516c595
- Size: 341KB
- Sample: 220810-p1qghsadcn
- MD5: c41aa85d34870d42ca04ae19732c6498
- SHA1: 26b7c8516373a74ee8d0d8259f512b15a5c662d0
- SHA256: ebe01122cf936ff383e04138cab3562215ee5e5100a81ec723c00daae516c595
- SHA512: 9b213d70e871ffb0b893666425467e49b44c61cfeb4f868911e7c79d59a4353082bbcdab709c201a199092eefca81c248f6ca7819a96f205e51f95e372fd4d6f
Static task
- static1

Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: ebe01122cf936ff383e04138cab3562215ee5e5100a81ec723c00daae516c595
- Size: 341KB
- MD5: c41aa85d34870d42ca04ae19732c6498
- SHA1: 26b7c8516373a74ee8d0d8259f512b15a5c662d0
- SHA256: ebe01122cf936ff383e04138cab3562215ee5e5100a81ec723c00daae516c595
- SHA512: 9b213d70e871ffb0b893666425467e49b44c61cfeb4f868911e7c79d59a4353082bbcdab709c201a199092eefca81c248f6ca7819a96f205e51f95e372fd4d6f
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext