General
Target: 395b468922bf4cd6a9b006e27d62cc7ffaeee6d3d81905beecf7794bd7a580a5
Size: 146KB
Sample: 221129-t8ykbaae51
MD5: 974086a541c07f398782dc865244d97a
SHA1: e0d50e5173c8cd1307125e7c673c6abca559af92
SHA256: 395b468922bf4cd6a9b006e27d62cc7ffaeee6d3d81905beecf7794bd7a580a5
SHA512: 6c32e5dfdfee430112437a9d37a8d6864d1cc5e28189b4f94b915469d28519adb437c2147ce734eaa37a2af7b8ac631557105d592a4e70728bbf85e14058af52
SSDEEP: 3072:xoDPQ3UNfCyr0y5WFAQJSubEDFg3shsjQLEfWAW9+:s0Ut7r2F1KFUtjQEfWA8+

Static task: static1

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext