General
Target: aab9fb739d0cbd6d3880bc3194c76312d3ccedbaed57df9654847e4c9ea284a2
Size: 145KB
Sample: 221129-zk33saef74
MD5: 9650527993962fc77a3028b14a1013a9
SHA1: 3538764b4ae35abf22f5c560ec54d235029ab879
SHA256: aab9fb739d0cbd6d3880bc3194c76312d3ccedbaed57df9654847e4c9ea284a2
SHA512: a5e07e18362819b4ed438c277e0607eb9a15b040be5f7e10639deb9f4a6432c3096292e89fb0d70ad1009ab1ee155695b9b957ed762e2883c1b08aebc204cfcf
SSDEEP: 3072:cDh7gIwglBmk2fUp5+UHRgdWuCgWDQjArU86:dIjBb2ZSR+5CxDQje6
Static task: static1
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
XMRig Miner payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
Drops file in System32 directory
Suspicious use of SetThreadContext