General
- Target: ecb302e999e0959abd9bdd330401ea9f
- Size: 196KB
- Sample: 220924-ysl9kabhd4
- MD5: ecb302e999e0959abd9bdd330401ea9f
- SHA1: 529e9342005a6295d865fa4d1188126229b2a0bd
- SHA256: eb6bda9737c6ace5c9f38b44dba312f18fe0bf044b4848817c17b4e1a74d90b9
- SHA512: 1f084be926b1fe6f68bc0637e762c4d407a6f8b8d8a90b3f9157120beca96409d0cba495675f9fe1490f4c61840c96762d364ecb2dd27ac2376a4e526c38639f
- SSDEEP: 3072:D1nI7LRgcLJA5gRrHSq6yz7F52jPaiPGONFHNRJtBc94al+/PkkXx:SLtLR5/hnSjSi+ONFtRKBl
Static task: static1
Behavioral task: behavioral1
- Sample: ecb302e999e0959abd9bdd330401ea9f.exe
- Resource: win7-20220812-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: ecb302e999e0959abd9bdd330401ea9f
- Size: 196KB
- MD5: ecb302e999e0959abd9bdd330401ea9f
- SHA1: 529e9342005a6295d865fa4d1188126229b2a0bd
- SHA256: eb6bda9737c6ace5c9f38b44dba312f18fe0bf044b4848817c17b4e1a74d90b9
- SHA512: 1f084be926b1fe6f68bc0637e762c4d407a6f8b8d8a90b3f9157120beca96409d0cba495675f9fe1490f4c61840c96762d364ecb2dd27ac2376a4e526c38639f
- SSDEEP: 3072:D1nI7LRgcLJA5gRrHSq6yz7F52jPaiPGONFHNRJtBc94al+/PkkXx:SLtLR5/hnSjSi+ONFtRKBl
Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext