General
- Target: 51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a
- Size: 106KB
- Sample: 221129-v83ppsdh61
- MD5: e01d9281ab65c90e26767599cd122b0b
- SHA1: 404ad0d28efce32791badb70bf78accffd7b4bf7
- SHA256: 2c4f1042e9853135fe9f345f463a2a8020657c3ed79d61eb6066876e48bdb636
- SHA512: 30e3e184dd9418795873c5c10b32f701dfcb0a011427a1832569691fcbccb427b952d282e2cfd5ff0312313fc2339f0dcf0bafd82df6e5b3f1dbdd02cf8e4365
- SSDEEP: 3072:RnlGrmbzKN8kStwrtNszGgWDwIj1v6YW9ojXetM4xB8HvDz:mmbzbtstNsagaEYWKjbdz
Static task: static1
Behavioral task: behavioral1
- Sample: 51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a.exe
- Resource: win7-20220812-en

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a
- Size: 148KB
- MD5: 674f6f47bcd256ab551b0b41f1bcaab4
- SHA1: b4e1d5b2b4c283265dc5a54ecc66d09289fe9f75
- SHA256: 51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a
- SHA512: e9fa747bd48234c3075f56f55f7eb659af0c57cb4f60a0594d827d74a1362cae26e126d5e150c7d5c22561a91cd2c552a2731e1692dba17bd9896bc9f685f8d1
- SSDEEP: 1536:MooT+fuLjBDF9pSbFP8BnWkPk0Wn5/NV032+QbhY06R4u1uc7fpqoEW7LlaRsrGW:MooTyeE8AeWn5loJ0KF7fJPWuxl/D
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext