General
-
Target
fcbee5f1e9c90cdcbdf6efd7c76bcbecf7c33e5cf7cb38aaac6a79af28497e7f
-
Size
146KB
-
Sample
221129-j4tqfsee4s
-
MD5
5fbc17d2cb50106297f861377728868a
-
SHA1
938019318cca1bd9ad78646e4a6a34058cb31a7a
-
SHA256
fcbee5f1e9c90cdcbdf6efd7c76bcbecf7c33e5cf7cb38aaac6a79af28497e7f
-
SHA512
72aa4deb6c8158dd01012abe734ecf602f9c63971c0ca8701409022a9fb5f5098f99c290ecad25c4ca4116f939cc4908f3aeb88ddb66b76f66abc20bcc728318
-
SSDEEP
3072:R9Vs9i/ALv95tNQBEnllKx7DhaLKLQylktUQA:zVipLHQBEnl6DhsKPy
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
fcbee5f1e9c90cdcbdf6efd7c76bcbecf7c33e5cf7cb38aaac6a79af28497e7f
-
Size
146KB
-
MD5
5fbc17d2cb50106297f861377728868a
-
SHA1
938019318cca1bd9ad78646e4a6a34058cb31a7a
-
SHA256
fcbee5f1e9c90cdcbdf6efd7c76bcbecf7c33e5cf7cb38aaac6a79af28497e7f
-
SHA512
72aa4deb6c8158dd01012abe734ecf602f9c63971c0ca8701409022a9fb5f5098f99c290ecad25c4ca4116f939cc4908f3aeb88ddb66b76f66abc20bcc728318
-
SSDEEP
3072:R9Vs9i/ALv95tNQBEnllKx7DhaLKLQylktUQA:zVipLHQBEnl6DhsKPy
-
XMRig Miner payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-