General
Target: fdf60ea183992d4f0748d63987006b67a0b6d168f44d407ad5fe2bbc2aeb8759
Size: 203KB
Sample: 220925-lcp93aebb5
MD5: 01dda47d9a91990ccf6509f3adbc481a
SHA1: c049e1d1db218a43f4a55ba9c4ac2c98e14ec219
SHA256: fdf60ea183992d4f0748d63987006b67a0b6d168f44d407ad5fe2bbc2aeb8759
SHA512: 8acb481c7719b6936d037f632a2a6d5b3527a7165f2a05100e5dd9c35ab998bc8bc95f33809c64719b69877f188cd42bafef175d9ecd06fed851b50bf4aa89a4
SSDEEP: 3072:aCXsWNX4km5NhxwZDrf0CgyUw9XABfQ3C/PkIXx:OKZDXUw9O
Static task: static1
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
Target: fdf60ea183992d4f0748d63987006b67a0b6d168f44d407ad5fe2bbc2aeb8759 (203KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext