General
Target: da1706664515325abbfa4dfa09395e9605d49090c98d8fffbaeb2fd0fdb90b32
Size: 288KB
Sample: 220911-xhsg6acaf5
MD5: 668ff5128fd42597424aa2ffeff53bd2
SHA1: c4ec76f374b2fb094583bb7454e7b9ec9c4def61
SHA256: da1706664515325abbfa4dfa09395e9605d49090c98d8fffbaeb2fd0fdb90b32
SHA512: 48f3462292a4397d4854f36304190e130bb32d8e95f9cef45898d41abf7cdaf096051814803793531deff84d3244add0efa531bb8eeda4a9ffd0cdfed328b34d
SSDEEP: 6144:vqWqb0sO54Sdv9Urcx+pptUAILpCzMnKCi6WHfz85I9mt:vQboHN+rcx+pptUAI8Mn4DHrIu
Static task: static1

Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name

Targets
Target: da1706664515325abbfa4dfa09395e9605d49090c98d8fffbaeb2fd0fdb90b32
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
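A hunting script for the behaviours listed above, added here as an example and not part of the sandbox report. It walks a constructed, Sysmon/API-trace-style event list in order and maps each event to the report's signature names: it tracks files the trace wrote so that "Executes dropped EXE" only fires for an image that was dropped earlier, flags SetThreadContext only when it targets another process, and matches DNS queries against the two domains in the extracted tofsee config. The event shapes, the `Control Panel\International\Geo\Nation` registry path assumed to sit behind "checks computer location settings", the `FirewallPolicy` key, and the stratum URL / `--donate-level` heuristic for an XMRig command line are assumptions, not data from the report.

```python
import re

# Domains from the tofsee config the sandbox extracted (report above).
TOFSEE_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# Behaviour patterns. These paths and heuristics are assumptions modelled on
# Sysmon / sandbox API traces; they are not taken from the report.
SERVICE_IMAGE_PATH = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
FIREWALL_KEY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.IGNORECASE)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
SYSTEM32_DIR = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
FIREWALL_CMD = re.compile(r"\bnetsh(?:\.exe)?\b.*\b(?:advfirewall|firewall)\b", re.IGNORECASE)
XMRIG_CMD = re.compile(r"stratum\+(?:tcp|ssl)://|--donate-level", re.IGNORECASE)


def hunt(events):
    """Walk an ordered event trace and return {signature name: [event indexes]}."""
    dropped = set()  # lower-cased paths of files written earlier in the trace
    findings = {}

    def flag(sig, idx):
        findings.setdefault(sig, []).append(idx)

    for idx, ev in enumerate(events):
        kind = ev["type"]
        if kind == "file_create":
            dropped.add(ev["path"].lower())
            if SYSTEM32_DIR.match(ev["path"]):
                flag("Drops file in System32 directory", idx)
        elif kind == "service_create":
            flag("Creates new service(s)", idx)
        elif kind == "registry_set":
            if SERVICE_IMAGE_PATH.search(ev["key"]):
                flag("Sets service image path in registry", idx)
            if FIREWALL_KEY.search(ev["key"]):
                flag("Modifies Windows Firewall", idx)
        elif kind == "registry_query":
            if GEO_NATION.search(ev["key"]):
                flag("Checks computer location settings", idx)
        elif kind == "process_create":
            cmd = ev.get("cmdline", "")
            # Only an image that this same trace wrote counts as a dropped EXE.
            if ev["image"].lower() in dropped:
                flag("Executes dropped EXE", idx)
            if FIREWALL_CMD.search(cmd):
                flag("Modifies Windows Firewall", idx)
            if XMRIG_CMD.search(cmd):
                flag("XMRig Miner payload", idx)
        elif kind == "api":
            # SetThreadContext on another process's thread is the hollowing step;
            # a process adjusting its own threads is not flagged.
            if ev["name"] == "SetThreadContext" and ev.get("target_pid") not in (None, ev["pid"]):
                flag("Suspicious use of SetThreadContext", idx)
        elif kind == "dns_query":
            if ev["name"].lower().rstrip(".") in TOFSEE_DOMAINS:
                flag("Contacts tofsee domain from extracted config", idx)
    return findings


# Constructed trace for demonstration; it is not the sandbox's recorded data.
SAMPLE_EVENTS = [
    {"type": "file_create", "pid": 100, "path": r"C:\Windows\System32\winsvc32.exe"},
    {"type": "service_create", "pid": 100, "name": "winsvc32"},
    {"type": "registry_set", "pid": 100,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\winsvc32\ImagePath",
     "value": r"C:\Windows\System32\winsvc32.exe"},
    {"type": "registry_query", "pid": 100, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\System32\winsvc32.exe", "cmdline": "winsvc32.exe"},
    {"type": "process_create", "pid": 201, "ppid": 200, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r'netsh advfirewall firewall add rule name="winsvc32" dir=in action=allow '
                r'program="C:\Windows\System32\winsvc32.exe"'},
    {"type": "api", "pid": 200, "name": "SetThreadContext", "target_pid": 202},
    {"type": "dns_query", "pid": 200, "name": "svartalfheim.top"},
    {"type": "process_create", "pid": 203, "ppid": 200, "image": r"C:\Users\Public\xmr.exe",
     "cmdline": "xmr.exe -o stratum+tcp://pool.example:3333 --donate-level=1"},
]

if __name__ == "__main__":
    for sig, idxs in hunt(SAMPLE_EVENTS).items():
        print(f"{sig}: events {idxs}")
```

Sysmon records registry value writes but not reads, so the geofence lookup is only visible in a sandbox API trace or an ETW registry provider; the `registry_query` event type stands in for that. Ordering matters: the trace must be replayed in timestamp order, or a process that started before its image was written will not be tied to the drop.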