General
- Target: 5dd912779fa19291eb1b8a275bc3df19020a9d6cd0199585f85e2676928f823b
- Size: 140KB
- Sample: 221129-3vd37aab22
- MD5: cac8f798358a8e954c0746dc7fd93968
- SHA1: 7a6837f6377cf1ed36c584159e9abbd9c0b9fd23
- SHA256: 5dd912779fa19291eb1b8a275bc3df19020a9d6cd0199585f85e2676928f823b
- SHA512: 4ea79c13bc9040361d67f0ce794e66554c233efae465c5075bb2795d3caa2a6c9bebef6e69dddcfc94f430b1885afab5bf29ea16eeb996355c7c57dd592d0639
- SSDEEP: 1536:g3pu4kELIogNl2+pCm+r51nFDXt5dOdagcJm4WWxo8xXgwkB2b8BwLFoQ7oarYOD:qTkAlr59t7gaBxo8FRk/KFoQ7rrYU
Static task: static1
Malware Config
Extracted
- Family: tofsee
- Domains: svartalfheim.top, jotunheim.name
Targets
- Target: 5dd912779fa19291eb1b8a275bc3df19020a9d6cd0199585f85e2676928f823b
- Size: 140KB
- MD5: cac8f798358a8e954c0746dc7fd93968
- SHA1: 7a6837f6377cf1ed36c584159e9abbd9c0b9fd23
- SHA256: 5dd912779fa19291eb1b8a275bc3df19020a9d6cd0199585f85e2676928f823b
- SHA512: 4ea79c13bc9040361d67f0ce794e66554c233efae465c5075bb2795d3caa2a6c9bebef6e69dddcfc94f430b1885afab5bf29ea16eeb996355c7c57dd592d0639
- SSDEEP: 1536:g3pu4kELIogNl2+pCm+r51nFDXt5dOdagcJm4WWxo8xXgwkB2b8BwLFoQ7oarYOD:qTkAlr59t7gaBxo8FRk/KFoQ7rrYU

- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Suspicious use of SetThreadContext