General
Target: 9b178828fcd48828da65bb6e1b8a5255.exe
Size: 280KB
Sample: 220923-gx7bvshccr
MD5: 9b178828fcd48828da65bb6e1b8a5255
SHA1: e5256245c1ece1f0d62b6c0b26f0537d296a64ae
SHA256: e9c02698fef6793fda4947b08333052bf142e43377ae6b0b74acd1ab15a59af3
SHA512: 6ce9e7f8633d96a2db9a7041c27610b8392706b2ae68d5c69a6634607a2a0c1810c6a1268e4a9e8ebe6f18739a77b38adb377b46fd2b52374e5b99dfbf8033dc
SSDEEP: 6144:rIRFmfqLvoLoE9J+eMJsfe5cq5/Xr03rIigavwVfXe:rIRsqLQc+J+eMV5b/w3p5
Static task: static1
Behavioral task: behavioral1
Sample: 9b178828fcd48828da65bb6e1b8a5255.exe
Resource: win7-20220812-en
Malware Config
Extracted family: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: 9b178828fcd48828da65bb6e1b8a5255.exe
Size: 280KB
MD5: 9b178828fcd48828da65bb6e1b8a5255
SHA1: e5256245c1ece1f0d62b6c0b26f0537d296a64ae
SHA256: e9c02698fef6793fda4947b08333052bf142e43377ae6b0b74acd1ab15a59af3
SHA512: 6ce9e7f8633d96a2db9a7041c27610b8392706b2ae68d5c69a6634607a2a0c1810c6a1268e4a9e8ebe6f18739a77b38adb377b46fd2b52374e5b99dfbf8033dc
SSDEEP: 6144:rIRFmfqLvoLoE9J+eMJsfe5cq5/Xr03rIigavwVfXe:rIRsqLQc+J+eMV5b/w3p5
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext