General
Target: 5341353eb5628c3a0e2b8c2bf3df1d8727e7198217915ca824a0a4dd3618986f
Size: 169KB
Sample: 220923-hm8bvahdbp
MD5: 293db69e226584393c0a43fd770d51f9
SHA1: ad7667acd2289ccba86f4748fd2ee2fbad94fe95
SHA256: 5341353eb5628c3a0e2b8c2bf3df1d8727e7198217915ca824a0a4dd3618986f
SHA512: a7c19194de2d03c6b0dffa24def4754a01dbfcbe17ce52427ea59113135a4ce5b7116ffb278a65e5224609abf368bd13ac82bf07f5634b8e0e999f3d479ce40f
SSDEEP: 3072:9jnLrN5Ofqvief73EKe9PNCGcS1uSligZBo6R1q/PkW4n:FLrOfqvv73Elbr0g3
Static task
static1

Malware Config
Extracted
Family: tofsee
C2: svartalfheim.top
C2: jotunheim.name
Targets
Target: 5341353eb5628c3a0e2b8c2bf3df1d8727e7198217915ca824a0a4dd3618986f
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
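Added example, not part of the sandbox report or of any Tofsee tooling: a stdlib-only Python triage script that maps Sysmon-shaped host telemetry onto the behaviours listed above and the C2 domains from the extracted config. The registry paths, the `netsh advfirewall` pattern and the sample trace (random service and file names included) are assumptions about what each signature keys on, not values taken from this report. SetThreadContext is an API-level observation that this kind of telemetry does not carry, so it is left out.

```python
"""Map Sysmon-style endpoint events onto the behaviours flagged in this report."""
import re
from collections import defaultdict

# Indicators taken from the report's extracted Tofsee config.
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# Field names follow Sysmon conventions (Image, CommandLine, TargetObject,
# Details, TargetFilename, QueryName). The patterns below are assumptions about
# what each sandbox signature keys on; they are not taken from the report.
SERVICE_IMAGEPATH_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.I)
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
FIREWALL_RE = re.compile(r"\bnetsh(?:\.exe)?\b.*\b(?:advfirewall|firewall)\b", re.I)


def is_c2_domain(name):
    """True for a configured C2 domain or any subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def analyze(events):
    """Walk events in order and return {signature: [evidence, ...]}.

    Order matters: 'Executes dropped EXE' only fires when the image was
    written by an earlier file_create event in the same trace.
    """
    hits = defaultdict(list)
    dropped = set()
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            path = ev["TargetFilename"]
            dropped.add(path.lower())
            if SYSTEM32_RE.match(path):
                hits["Drops file in System32 directory"].append(path)
        elif kind == "process_create":
            image, cmd = ev["Image"], ev.get("CommandLine", "")
            if image.lower() in dropped:
                hits["Executes dropped EXE"].append(image)
            if FIREWALL_RE.search(cmd):
                hits["Modifies Windows Firewall"].append(cmd)
        elif kind == "registry_set":
            key = ev["TargetObject"]
            if SERVICE_IMAGEPATH_RE.match(key):
                # One registry write is evidence for two of the report's
                # signatures: the service exists, and its image path was set.
                hits["Sets service image path in registry"].append(
                    f"{key} = {ev.get('Details', '')}")
                hits["Creates new service(s)"].append(key.split("\\")[-2])
        elif kind == "registry_query":
            if GEO_NATION_RE.search(ev["TargetObject"]):
                hits["Checks computer location settings"].append(ev["TargetObject"])
        elif kind == "dns_query":
            if is_c2_domain(ev["QueryName"]):
                hits["Tofsee C2 lookup"].append(ev["QueryName"])
    return dict(hits)


# Constructed trace (not from the report); names are made up for illustration.
SAMPLE_TRACE = [
    {"type": "file_create",
     "TargetFilename": r"C:\Windows\System32\hmaabqrf\bwcxpvqr.exe"},
    {"type": "registry_set",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\hmaabqrf\ImagePath",
     "Details": r"C:\Windows\System32\hmaabqrf\bwcxpvqr.exe"},
    {"type": "process_create",
     "Image": r"C:\Windows\System32\hmaabqrf\bwcxpvqr.exe",
     "CommandLine": "bwcxpvqr.exe"},
    {"type": "process_create",
     "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="Host-process" '
                    'dir=in action=allow program="C:\\Windows\\System32\\hmaabqrf\\bwcxpvqr.exe"'},
    {"type": "registry_query",
     "TargetObject": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "dns_query", "QueryName": "svartalfheim.top"},
    {"type": "dns_query", "QueryName": "www.microsoft.com"},
]


if __name__ == "__main__":
    for sig, evidence in analyze(SAMPLE_TRACE).items():
        print(f"{sig}:")
        for item in evidence:
            print(f"  {item}")
```

Feed real Sysmon events (IDs 1, 11, 12/13, 22) converted to the same dictionary shape; the benign `www.microsoft.com` lookup and the non-dropped `netsh.exe` image in the sample trace show that only the flagged behaviours produce findings.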