General
Target: 38684693053584c3cab7a9de72d95a8a1bd010351ce1c023505f36b770f7fa62
Size: 106KB
Sample: 221129-wzg73sgd71
MD5: 09996ce0bdb202476c44b60f31ec4418
SHA1: 9a6c83898031cf8e3ecc6993981b7c818bb7bc78
SHA256: 7964dbbcd14d66c785b5908a2a9d4969906f1312635a917302cc755e9c27aa6f
SHA512: cbba6092a5c2984e123f71bc6a1ced551c06984809adc249db836b9d2416128b69c5e9c343f6e0dc6ad6211dfd14b2936622fd1206e09bdf578bfb5fe6dc6b9d
SSDEEP: 1536:HqxtFFrdq/O8ZY35tVNQ02ceX8bh7d6Mt240SGUvOn/+7aC5EuLbjr57IbqooJR0:IroNytVEc28tZ6EuSGcOn//Q3r5H5il

Static task: static1
Behavioral task: behavioral1
Sample: 38684693053584c3cab7a9de72d95a8a1bd010351ce1c023505f36b770f7fa62.exe
Resource: win7-20221111-en

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name

Targets
Target: 38684693053584c3cab7a9de72d95a8a1bd010351ce1c023505f36b770f7fa62
Size: 148KB
MD5: 53538af5c50d7630c126e6c2dff32c7b
SHA1: 19d9fc9ad096addf16608b6f13ea24bd042c6c51
SHA256: 38684693053584c3cab7a9de72d95a8a1bd010351ce1c023505f36b770f7fa62
SHA512: 4d234a9e726d6fb5822e5a31c00d63f0ac6aa0bad4c129c270d18fe7168a6760a030dc3c48305a88350756c4836b373a081070622cc32806af6b71c221c7db68
SSDEEP: 3072:i2cTyeE8AeWn5ku22jifgRimvWkdpvbY:CTyx8Aej2jdzek/Y

- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext