General
- Target: 93631bf8b4dacdddb67851b76d8b797a00882fb03e9e0cf5fb86e7b4e5141883.zip
- Size: 111KB
- Sample: 221124-rgc37ahf62
- MD5: efe4b7bd3a9c0e95372263c6578303a1
- SHA1: d7f5b80de2beb8894d7c33e9e6c9e69083e83afc
- SHA256: a24fbd10f52c26d3f50e648625b48ff37c1e84cdb45fd31dda1c9589cf168f5b
- SHA512: 22437e5c4dd4ee06345715acf33280f89c859991f3bb0664c070659e97690574b109da476d3d976231c846f3047ab7b3b83869d6ca491b504e04381f171f7fbd
- SSDEEP: 3072:yiPLf4GPwVBxGHYK5FK6F/AiioacciRaY:yEPMBcHYKTF3io8Y
Static task: static1
Behavioral task: behavioral1
- Sample: 93631bf8b4dacdddb67851b76d8b797a00882fb03e9e0cf5fb86e7b4e5141883.exe
- Resource: win7-20221111-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 93631bf8b4dacdddb67851b76d8b797a00882fb03e9e0cf5fb86e7b4e5141883.exe
- Size: 163KB
- MD5: 238a6c05a356546d9f41e4ce53d989f3
- SHA1: 304155abbd030ea827e20cd7cd6677f5e69a6871
- SHA256: 93631bf8b4dacdddb67851b76d8b797a00882fb03e9e0cf5fb86e7b4e5141883
- SHA512: 38ddba65054480c7348d736274089a5846f1a1180fdd134966ff0f82bba32c9de676d68015fb1457a5def2c5ac4dd61c1c08ccf572f3cbc47cef6ad539cc98b3
- SSDEEP: 3072:QaxY4k2cA2yg5NMEg+i2wrMyN+6xsYgvqlKqtYUFD:QCl2u1kJyNR98
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext