General

Target: 969cbe894bade6e664ebc759576a44abba87e73dc093e09b7a97ec3c1099bbb3
Size: 105KB
Sample: 221129-z7ecyacc2y
MD5: 4987b9d476ba9e21e256566b56ac28f0
SHA1: 774d656c813b65daa1543cf6d6f61a3025bb4ff1
SHA256: c34ceb9ee84bec57a14766d8d240ba36aab3e69daf53d1a7cf321b5d2372dc38
SHA512: 6613342519493d21fb7cabe8e67d1762f1d368a6d73bfcab70063a52a62c74494f09167c5fda4e5535005605aa81b99f6e2bc4ab63d1fd9df2ed97369226524e
SSDEEP: 3072:sBKop6gyBYFNzeOi5hL5/SxJ4aOEkYWpRudv7F9vtk:sBn6g5Dzedhd/IDkYWpRuTHk
Static task: static1

Behavioral task: behavioral1
Sample: 969cbe894bade6e664ebc759576a44abba87e73dc093e09b7a97ec3c1099bbb3.exe
Resource: win7-20220812-en

Malware Config

Extracted family: tofsee
Extracted hosts:
- svartalfheim.top
- jotunheim.name
Targets

Target: 969cbe894bade6e664ebc759576a44abba87e73dc093e09b7a97ec3c1099bbb3
Size: 147KB
MD5: bf64cf006d94eea938529abb0e6b4ee8
SHA1: 2808b73fcee94aaaa39240549c616f1d97eb8839
SHA256: 969cbe894bade6e664ebc759576a44abba87e73dc093e09b7a97ec3c1099bbb3
SHA512: a5d281994b61c3664cfa3d783a6f2fac17b57ac9a2fb01f69534f11dcc70ae2229a0ce7b1ce4dca2bb6ee5ae9f29f17dbcc11a721cc93ce7f0aa098a055bbf23
SSDEEP: 3072:qxHNuRGCqn5Si5hL5/SxJ4aOEnr8LUwHx/r0NfuCOD:iGGCEhd/IDr8QwHdr0Ah
Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
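The signature names above are the sandbox's verdicts; a responder usually wants to reproduce them from endpoint telemetry rather than re-detonate the file. The Python below is an added example, not the sandbox's signature code and not code from this sample: it maps six of the listed behaviours onto Sysmon-style events flattened into dicts (EventID 1 ProcessCreate, 11 FileCreate, 12 registry key create, 13 registry value set). The event layout, registry paths, regexes, service name and file paths are this example's own assumptions, and the sample events are constructed, not a capture of this sample. The country-code lookup, SetThreadContext and the XMRig payload match are not visible in these event types and are deliberately left out.

```python
"""Map sandbox behaviour signatures onto Sysmon-style host events.

Added example; not the sandbox's own signature logic and not the sample's
code. Event dicts mimic Sysmon EventID 1/11/12/13 fields (assumption), and
SAMPLE_EVENTS is constructed to exercise the rules, not a real capture.
"""
import re

# Registry locations where the listed behaviours leave traces (assumptions).
CONTROLSET = r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d+)\\Services\\"
SERVICE_KEY = re.compile(CONTROLSET + r"([^\\]+)$", re.I)
SERVICE_IMAGEPATH = re.compile(CONTROLSET + r"([^\\]+)\\ImagePath$", re.I)
FIREWALL_POLICY = re.compile(CONTROLSET + r"SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\[^\\]+$", re.I)
NETSH_FW = re.compile(r"\bnetsh(?:\.exe)?\b.*\b(?:advfirewall|firewall)\b", re.I)
DEL_CMD = re.compile(r"\bdel\b", re.I)


def _first_path(details):
    """Strip quotes and service arguments from an ImagePath value."""
    details = details.strip()
    if details.startswith('"'):
        return details[1:details.find('"', 1)]
    return details.split(" ", 1)[0]


def triage(events):
    """Return (signature, evidence) tuples in the order the rules fire."""
    findings = []
    dropped = set()  # files written under System32 earlier in the trace

    for ev in events:
        eid = ev["EventID"]
        if eid == 11:  # FileCreate
            target = ev["TargetFilename"]
            if SYSTEM32.match(target):
                dropped.add(target.lower())
                findings.append(("Drops file in System32 directory", target))
        elif eid == 12 and ev.get("EventType") == "CreateKey":  # new registry key
            m = SERVICE_KEY.match(ev["TargetObject"])
            if m:
                findings.append(("Creates new service(s)", m.group(1)))
        elif eid == 13:  # registry value set
            key = ev["TargetObject"]
            m = SERVICE_IMAGEPATH.match(key)
            if m:
                binary = _first_path(ev["Details"])
                findings.append(("Sets service image path in registry", f"{m.group(1)} -> {binary}"))
            elif FIREWALL_POLICY.match(key):
                findings.append(("Modifies Windows Firewall", key))
        elif eid == 1:  # ProcessCreate
            image, parent, cmdline = ev["Image"], ev.get("ParentImage", ""), ev["CommandLine"]
            if NETSH_FW.search(cmdline):
                findings.append(("Modifies Windows Firewall", cmdline))
            if image.lower() in dropped:
                findings.append(("Executes dropped EXE", image))
            # Self-deletion: a child shell told to delete its parent's own image.
            if parent and DEL_CMD.search(cmdline) and parent.lower() in cmdline.lower():
                findings.append(("Deletes itself", cmdline))
    return findings


# Constructed events; paths, service name and rule name are made up.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\lab\sample.exe",
     "TargetFilename": r"C:\Windows\System32\mxvqhtcp.exe"},
    {"EventID": 12, "EventType": "CreateKey", "Image": r"C:\Users\lab\sample.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\mxvqhtcp"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Users\lab\sample.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\mxvqhtcp\ImagePath",
     "Details": r'"C:\Windows\System32\mxvqhtcp.exe" /d'},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Users\lab\sample.exe",
     "CommandLine": r'netsh advfirewall firewall add rule name="svc" dir=in action=allow program="C:\Windows\System32\mxvqhtcp.exe"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\mxvqhtcp.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": r'"C:\Windows\System32\mxvqhtcp.exe" /d'},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\lab\sample.exe",
     "CommandLine": r'cmd.exe /c del /q "C:\Users\lab\sample.exe"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for signature, evidence in triage(SAMPLE_EVENTS):
        print(f"{signature}: {evidence}")
```

The rules are stateful on purpose: "Executes dropped EXE" only fires for an image that an earlier FileCreate wrote, and "Deletes itself" requires the parent's own path to appear in the child's delete command, which keeps ordinary `del` usage from matching. The benign notepad event at the end of the constructed trace produces no finding.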