General
- Target: 75b15d265cc961e326bba5b067505d4c478d5221f1c8c8d43c43ca024bfc363b
- Size: 146KB
- Sample: 221129-q61p4shc3w
- MD5: 49e2377d7b078dd9132d68a28864b7aa
- SHA1: 7624f625c904d6f443293dc943fe978b87df63b0
- SHA256: 75b15d265cc961e326bba5b067505d4c478d5221f1c8c8d43c43ca024bfc363b
- SHA512: bb7cb923651c3812fae5415b6a49f9358a69398ac0b541c67cb480c9f412ce00765ffe05d20b5a91b7c4c5b92a18964c9fa6b2ec7ec06ac09c781d850b5b44c2
- SSDEEP: 3072:X1Z9CoiH8kN5ejC8bDlUhtX7LWq+qGD0Fg0:FvCDH8HDlUhtPmqGUX
Static task: static1

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
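The hashes, extracted domains and signature names above are the parts of this report an analyst actually reuses. As an added example (not part of the sandbox's report or of any tooling behind it), the Python below parses a report dump laid out like this page into an IOC set and matches it against local evidence: file hashes and resolver query logs. The embedded report text is a trimmed copy of the values above; the DNS log lines are constructed, and the BIND-style log format, the look-alike domain and the function names are assumptions.

```python
"""Turn a sandbox report dump (laid out like this page) into an IOC set and
match it against local evidence: file hashes and DNS query logs. Added example
for this page, not the sandbox's own tooling; the log format is assumed."""
import hashlib
import re

SECTIONS = {"General", "Malware Config", "Targets"}
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
OTHER_KEYS = {"Target", "Size", "Sample", "SSDEEP", "Static task", "Extracted"}
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$")

# Constructed input: the page's own values, trimmed to one copy. A key may be
# followed by its value on the next line or carry it inline as 'Key: value'.
REPORT_TEXT = """General
-
MD5
49e2377d7b078dd9132d68a28864b7aa
-
SHA256: 75b15d265cc961e326bba5b067505d4c478d5221f1c8c8d43c43ca024bfc363b
-
SSDEEP
3072:X1Z9CoiH8kN5ejC8bDlUhtX7LWq+qGD0Fg0:FvCDH8HDlUhtPmqGUX
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
XMRig Miner payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
"""

def _kv(line):
    """'Key: value' -> (key, value) for known keys; anything else -> (line, None)."""
    key, sep, value = line.partition(":")
    if sep and key.strip() in set(HASH_LEN) | OTHER_KEYS:
        return key.strip(), value.strip()
    return line, None

def parse_report(text):
    """Collect hashes, malware family, extracted domains and signature names."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and l.strip() != "-"]
    iocs = {"hashes": {}, "family": None, "domains": [], "signatures": [], "notes": {}}
    section, i = None, 0
    while i < len(lines):
        key, value = _kv(lines[i])
        i += 1
        if key in SECTIONS:
            section = key
        elif key in HASH_LEN or key in OTHER_KEYS:
            if value is None and i < len(lines):  # value sits on the next line
                value, i = lines[i], i + 1
            if key in HASH_LEN and value and re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[key], value.lower()):
                iocs["hashes"][key] = value.lower()  # a hash repeated under Targets overwrites itself
            elif key == "Extracted" and value:
                iocs["family"] = value.lower()
                while i < len(lines) and DOMAIN_RE.match(lines[i].lower()):
                    iocs["domains"].append(lines[i].lower())
                    i += 1
        elif section == "Targets":
            if key.endswith(".") and iocs["signatures"]:
                iocs["notes"][iocs["signatures"][-1]] = key  # sentence describing the signature above it
            else:
                iocs["signatures"].append(key)
    return iocs

def hash_bytes(data):
    """Hex digests of data under every algorithm the report lists."""
    return {k: getattr(hashlib, k.lower())(data).hexdigest() for k in HASH_LEN}

def hashes_match(data, iocs):
    """Names of the report's hashes that data reproduces; [] means no match."""
    computed = hash_bytes(data)
    return sorted(k for k, v in iocs["hashes"].items() if computed[k] == v)

# Constructed BIND-style query log (not real traffic). The last line is a
# look-alike that must not match: the suffix check is anchored on a dot.
SAMPLE_DNS_LOG = [
    "client 10.0.0.17#51234: query: www.example.com IN A + (10.0.0.53)",
    "client 10.0.0.17#51235: query: svartalfheim.top IN A + (10.0.0.53)",
    "client 10.0.0.22#40011: query: mail.jotunheim.name. IN MX + (10.0.0.53)",
    "client 10.0.0.22#40012: query: jotunheim.name.lookalike.net IN A + (10.0.0.53)",
]

def match_dns_log(log_lines, iocs):
    """(line_no, queried_name, ioc_domain) for each query to an IOC domain or a subdomain of it."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r"query:\s*([A-Za-z0-9.-]+)", line)
        if not m:
            continue
        qname = m.group(1).rstrip(".").lower()
        hits.extend((n, qname, d) for d in iocs["domains"] if qname == d or qname.endswith("." + d))
    return hits
```

Call `parse_report(REPORT_TEXT)` once and hand the result to `hashes_match` with the bytes of a suspect file (`open(path, "rb").read()`) and to `match_dns_log` with your resolver's query log. Only the suffix match is anchored on a dot, so `mail.jotunheim.name` is reported while `jotunheim.name.lookalike.net` is not; the SSDEEP value is deliberately left out of the hash set, since fuzzy hashes are compared by similarity score, not equality.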