General
- Target: 7d3519a3112bac6d47e4a28afa93765ad0fe109d3e203f1f07dfcf8fb84b2396
- Size: 104KB
- Sample: 221129-2gfjesdf99
- MD5: 1c5e8b2770e2ba132e576e4a2207bddf
- SHA1: af2c572e505fa13db28e63073d4d5a955ced03dd
- SHA256: c20e1d71b7502e516bc81775264434e349aa2bb52d70cbf9098a036e5f412812
- SHA512: 6a2214d139ea441bb3cd57503c961597d0da37575cd57741120b02bac34671e9ea91744bb380a381869308568cf5ff8e4ec0db0fd62fbbf6b4b9fc9135acc4fd
- SSDEEP: 3072:wpLhxKC+4dBSV1POmehbqX9CD/7/0iiOFcgf:Y3KC+xVBegtC38idFcgf

Static task
- static1

Behavioral task
- behavioral1
- Sample: 7d3519a3112bac6d47e4a28afa93765ad0fe109d3e203f1f07dfcf8fb84b2396.exe
- Resource: win7-20220901-en

Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name

Targets
- Target: 7d3519a3112bac6d47e4a28afa93765ad0fe109d3e203f1f07dfcf8fb84b2396
- Size: 146KB
- MD5: edeb8cf6ad50b2189148305da1711683
- SHA1: a5843da9541016d02e3daf537a3781c9dac0716c
- SHA256: 7d3519a3112bac6d47e4a28afa93765ad0fe109d3e203f1f07dfcf8fb84b2396
- SHA512: 8cf6653627e3dcf78d45d12edd93ed27fc052534d4731c6695e4cc6ce7d271aa7f02a94ea5b70c8783c62c4bf4d334681b19213aede987f597558be0dd8be8fa
- SSDEEP: 3072:AVt0N0vO/6B9v5qJO1POmehbsM6FGUuBi:G9O/6BKJOBe7c78
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  - Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext