General

Target: af519d5725789fff17bb19b62c7cc1999584c49224c39697a56b41239906995b
Size: 202KB
Sample: 220925-mk56xsfegk
MD5: 5347db48b1c7f09d163cf96be76ca819
SHA1: c26a3fec17335ac209af271911bdf6fc04be96c4
SHA256: af519d5725789fff17bb19b62c7cc1999584c49224c39697a56b41239906995b
SHA512: f0c98a2d20b19d5bf14474ff07b71d67839402b85e45659ee04bbce032f0698e2c0c5a1c9a046644e4b15d5ef28e9f0b3e53379ca5d7d3a7d20562bf77d166e8
SSDEEP: 3072:oAmOLMb7m5KS6836b9IrEzWB8oCjhkWgj/PkIXx:69F8KZI4c
Static task: static1

Malware Config

Extracted (tofsee):
- svartalfheim.top
- jotunheim.name
Targets

Target: af519d5725789fff17bb19b62c7cc1999584c49224c39697a56b41239906995b
Size: 202KB
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext