General
-
Target
bd650f0d1cdae90e4a008e0ad214fdb8d16a549a5463d06d25d284c019b7657b
-
Size
105KB
-
Sample
221129-ypwc3aed4t
-
MD5
61a93572a3b581e1855ab0ac8cd5ee35
-
SHA1
8a8b179e4f24fee840fb0fae5a62f844d601166d
-
SHA256
3f6038c5aaf6de7bfb3361774f3fade01c05435542fccb445314287e2a252d19
-
SHA512
b2622644e3a160a4328dfc29f066661ed3b4b9f26563837bec89733ec0757b1a773364225cce07992be6f37d8949fe59e6c89ce52a18f7774daa677f4810e2ac
-
SSDEEP
1536:HJHwHy+8FP2Pli7Yjx1P13sMFYxgYQ+moyC3apCXGbpM4B1jI9s3OftjiacxY:mS+8cwKv8LLpICqpF918G3IJD
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
bd650f0d1cdae90e4a008e0ad214fdb8d16a549a5463d06d25d284c019b7657b
-
Size
147KB
-
MD5
1b8099400f9b3df55bb4b9a6b4e0b849
-
SHA1
9f737eeb8a5b084511a4b655cb5ace0413d2ed8b
-
SHA256
bd650f0d1cdae90e4a008e0ad214fdb8d16a549a5463d06d25d284c019b7657b
-
SHA512
da97e8411dc9cc7427906a427a3cd36bfcba2e6881c54764234588d6e1371339753469ddba9635366c51b58eb0314fe76235e96db011d59274cd6ca03bea9193
-
SSDEEP
3072:rsL7PaCvJSVUn5fOkOVCvvj8n/NTWYtWmxP88xq9:gWCvJSVgOktHjufWm1E
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-