General
Target: e715cb5375a82daa8b4ff8a5234a965dc2499e4fb3398830bde6d75a637023a0
Size: 146KB
Sample: 221129-ynad7sba58
MD5: feadb66c00d4dfd08a3106954258adf8
SHA1: 4bb9fb168726f091a50c1f127f4e47ece6d8941d
SHA256: e715cb5375a82daa8b4ff8a5234a965dc2499e4fb3398830bde6d75a637023a0
SHA512: 49917dfbc2400c4ce4a3f53d0e415e368cfe641c35f76633da9ce0dd1859689a91a0f8b5d9c5eb0cfd71088ffb142614156a08970a168184006064ee232c086e
SSDEEP: 3072:x+DUo9mzwbRmpqexy5wJ9YqR5bXnWsa8KS1necw7b:Vo8zwspqeZBXnWsa8KS1eT
Static task: static1
Malware Config
Extracted family: tofsee
C2 domains (from the extracted Tofsee config):
svartalfheim.top
jotunheim.name
Targets
Target: e715cb5375a82daa8b4ff8a5234a965dc2499e4fb3398830bde6d75a637023a0 (146KB; MD5, SHA1, SHA512 and SSDEEP as listed under General)
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Drops file in System32 directory
- Suspicious use of SetThreadContext
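The hashes, the extracted Tofsee C2 domains and the behavioural signatures above (service creation, ImagePath written in the registry, firewall changes) are what a defender would turn into hunting logic. The block below is an added example, not part of the sandbox report or of any vendor's tooling: it matches those indicators against Sysmon-style event records. The event records, the service name "svcdemo" and the file paths in them are constructed for the demo; the field names (Hashes, QueryName, TargetObject, CommandLine) follow Sysmon's naming, and the SSDEEP value is not checked because fuzzy matching needs the external ssdeep library.

```python
"""IOC and behaviour matcher built from the indicators in the report above.

Added example, not part of the sandbox report. Event records are constructed
for the demo; field names follow Sysmon (Hashes, QueryName, TargetObject,
CommandLine). Event ID 7045 is the Windows System log "service installed" event.
"""
import hashlib
import re

# File hashes from the report (lower-cased for comparison).
HASHES = {
    "md5": "feadb66c00d4dfd08a3106954258adf8",
    "sha1": "4bb9fb168726f091a50c1f127f4e47ece6d8941d",
    "sha256": "e715cb5375a82daa8b4ff8a5234a965dc2499e4fb3398830bde6d75a637023a0",
}
# Tofsee C2 domains from the extracted config.
C2_DOMAINS = ("svartalfheim.top", "jotunheim.name")

# Registry value written when a service binary is (re)pointed:
# the "Sets service image path in registry" signature.
IMAGEPATH_RE = re.compile(r"\\services\\[^\\]+\\imagepath$", re.I)
# netsh firewall manipulation: the "Modifies Windows Firewall" signature.
NETSH_FW_RE = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.I)


def file_hashes(data: bytes) -> dict:
    """Digests of a file's bytes in the algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def hash_matches(hashes: dict) -> bool:
    """True if any algorithm's digest equals the report's value."""
    return any(hashes.get(alg, "").lower() == val for alg, val in HASHES.items())


def domain_matches(name: str) -> bool:
    """Exact or subdomain match against the C2 list; trailing dot tolerated."""
    n = name.lower().rstrip(".")
    return any(n == d or n.endswith("." + d) for d in C2_DOMAINS)


def parse_sysmon_hashes(field: str) -> dict:
    """Sysmon's 'Hashes' field is 'SHA256=...,MD5=...'; return {alg: hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, val = part.split("=", 1)
            out[alg.strip().lower()] = val.strip().lower()
    return out


def classify(evt: dict) -> list:
    """Return the report signatures/IOCs that this one event matches."""
    hits = []
    eid = evt.get("EventID")
    if eid == 1:  # Sysmon process creation
        if hash_matches(parse_sysmon_hashes(evt.get("Hashes", ""))):
            hits.append("known sample hash")
        if NETSH_FW_RE.search(evt.get("CommandLine", "")):
            hits.append("Modifies Windows Firewall")
    elif eid == 22 and domain_matches(evt.get("QueryName", "")):  # Sysmon DNS query
        hits.append("Tofsee C2 lookup")
    elif eid == 13 and IMAGEPATH_RE.search(evt.get("TargetObject", "")):  # Sysmon registry value set
        hits.append("Sets service image path in registry")
    elif eid == 7045:  # Service Control Manager: a service was installed
        hits.append("Creates new service(s)")
    return hits


def hunt(events: list) -> dict:
    """Map each matched signature to the indices of the events that fired it."""
    report = {}
    for i, evt in enumerate(events):
        for tag in classify(evt):
            report.setdefault(tag, []).append(i)
    return report


# Constructed events for the demo (not captured from the sample).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\demo\AppData\Local\Temp\demo.exe",
     "CommandLine": r"C:\Users\demo\AppData\Local\Temp\demo.exe",
     "Hashes": "SHA256=E715CB5375A82DAA8B4FF8A5234A965DC2499E4FB3398830BDE6D75A637023A0,"
               "MD5=FEADB66C00D4DFD08A3106954258ADF8"},
    {"EventID": 22, "QueryName": "svartalfheim.top"},
    {"EventID": 22, "QueryName": "www.example.com"},
    {"EventID": 13, "TargetObject": r"HKLM\System\CurrentControlSet\Services\svcdemo\ImagePath"},
    {"EventID": 7045, "ServiceName": "svcdemo"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="demo" dir=in action=allow '
                    'program="C:\\Windows\\System32\\demo.exe"'},
]

if __name__ == "__main__":
    for tag, idx in hunt(SAMPLE_EVENTS).items():
        print(f"{tag}: events {idx}")
```

The domain check deliberately requires a label boundary, so "notjotunheim.name" does not match while "mail.jotunheim.name." does; hash comparison is case-insensitive because Sysmon emits upper-case hex. Event ID 7045 alone is noisy on hosts that install software legitimately, so in practice it is correlated with the ImagePath write and the dropped-file location before it is treated as a hit.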