General
Target: cb23468978f5c4dfb7636cb65765918a385173547e4324a33db9580ffbe0d754
Size: 202KB
Sample: 220925-m9arbaedh4
MD5: 44a95f7833e41707186f8ca4f77ae47f
SHA1: 2af7705a1b6d7ec16696850f90514c45cef75b86
SHA256: cb23468978f5c4dfb7636cb65765918a385173547e4324a33db9580ffbe0d754
SHA512: 54c5042fa6ed1051d246b558e95e7f9b3468e89897d0c202269547ab92ec05edba5ec9124e9324f607c993dc597489fe4124b0e16ce4d0a8c12001e930a77cc8
SSDEEP: 3072:p9wYBV4wyQj5J19T2MVvHgNcAEt1ffyYBtiT3gna/PkxXx:ZryI19Tz/FST3gn
Static task: static1
Malware Config
Extracted family: tofsee
C2: svartalfheim.top
C2: jotunheim.name
Targets
Target: cb23468978f5c4dfb7636cb65765918a385173547e4324a33db9580ffbe0d754
Size: 202KB
MD5: 44a95f7833e41707186f8ca4f77ae47f
SHA1: 2af7705a1b6d7ec16696850f90514c45cef75b86
SHA256: cb23468978f5c4dfb7636cb65765918a385173547e4324a33db9580ffbe0d754
SHA512: 54c5042fa6ed1051d246b558e95e7f9b3468e89897d0c202269547ab92ec05edba5ec9124e9324f607c993dc597489fe4124b0e16ce4d0a8c12001e930a77cc8
SSDEEP: 3072:p9wYBV4wyQj5J19T2MVvHgNcAEt1ffyYBtiT3gna/PkxXx:ZryI19Tz/FST3gn
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Drops file in System32 directory
- Suspicious use of SetThreadContext
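The hashes and the extracted C2 domains above are the indicators a responder would actually hunt with. The following Python script is an added example, not part of the sandbox report: it verifies whether a file on disk is this exact sample (all four digests from the report must agree) and scans DNS query logs for the two Tofsee C2 domains, including subdomains and trailing-dot or mixed-case forms. The log format (timestamp, client IP, query name) and the log lines themselves are constructed for the example; only the hashes and domains come from the report.

```python
import hashlib

# Indicators copied from the report above (Tofsee sample and extracted C2 domains).
REPORT_HASHES = {
    "md5": "44a95f7833e41707186f8ca4f77ae47f",
    "sha1": "2af7705a1b6d7ec16696850f90514c45cef75b86",
    "sha256": "cb23468978f5c4dfb7636cb65765918a385173547e4324a33db9580ffbe0d754",
    "sha512": "54c5042fa6ed1051d246b558e95e7f9b3468e89897d0c202269547ab92ec05ed"
              "ba5ec9124e9324f607c993dc597489fe4124b0e16ce4d0a8c12001e930a77cc8",
}
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_path(path: str) -> dict:
    """Hash a file on disk in 1 MiB chunks so large files do not need to be loaded whole."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(data: bytes) -> bool:
    """True only if every digest equals the one in the report (a single match is not enough)."""
    return file_hashes(data) == REPORT_HASHES


def is_c2_domain(qname: str) -> bool:
    """Match the C2 domain itself or any subdomain of it; ignore case and a trailing dot.
    'notjotunheim.name' must NOT match, so compare on label boundaries, not substrings."""
    name = qname.rstrip(".").lower()
    return any(name == c2 or name.endswith("." + c2) for c2 in C2_DOMAINS)


def scan_dns_log(lines):
    """Return (timestamp, client, normalised qname) for each query to a C2 domain.
    Assumed line format (constructed for this example): '<timestamp> <client-ip> <qname>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines instead of crashing
        ts, client, qname = parts[0], parts[1], parts[2]
        if is_c2_domain(qname):
            hits.append((ts, client, qname.rstrip(".").lower()))
    return hits


# Constructed DNS log: three of the five queries should be flagged.
SAMPLE_DNS_LOG = [
    "2022-09-25T12:00:01Z 10.0.0.15 www.microsoft.com",
    "2022-09-25T12:00:07Z 10.0.0.15 svartalfheim.top.",
    "2022-09-25T12:00:09Z 10.0.0.15 JOTUNHEIM.NAME",
    "2022-09-25T12:00:12Z 10.0.0.22 notjotunheim.name",
    "2022-09-25T12:00:15Z 10.0.0.15 mail.svartalfheim.top",
]

if __name__ == "__main__":
    import sys
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup:", *hit)
    # Optional: pass file paths on the command line to check them against the report hashes.
    for path in sys.argv[1:]:
        print(path, "is the reported sample" if hash_path(path) == REPORT_HASHES else "does not match")
```

Matching on label boundaries matters: a naive substring check on the C2 domains would flag unrelated names that merely contain them, and a naive exact check would miss subdomains, which is how the constructed `notjotunheim.name` and `mail.svartalfheim.top` lines are told apart.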