General
Target: 4c78722ee6d4b7012fbf5782234536df7457d554deae8d57c69a52ea31e4dbba
Size: 138KB
Sample: 221130-dqfzjscb99
MD5: 24337ef201024a29b112d551fb0365c6
SHA1: d3ddd529d0e72c322ccbbee880c4cab98ead8bb2
SHA256: 4c78722ee6d4b7012fbf5782234536df7457d554deae8d57c69a52ea31e4dbba
SHA512: 0d5cdf6f7eb2b8e0b917e2ad067719b7526e211c978c613d4cdac5c553b19e09e8a1f7571b38835419bac18bb594298367aec18c8443f6a8e2e30241f450ad97
SSDEEP: 3072:/TOjn4Fr5vKRY+4hTlUPt/egU/BeT0xh4ZSJK:gQhBum/84xhG
Static task: static1

Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext