General

Target: bd650f0d1cdae90e4a008e0ad214fdb8d16a549a5463d06d25d284c019b7657b
Size: 105KB
Sample: 221130-dxfx5acg25
MD5: e1292699a879fe81a54646e39e84cf38
SHA1: cee4a5ed5a84a1d2668de6e474c0539c47883a27
SHA256: 2e27c7716163ec248bd3e1e7aea8402eefd70218e1b95b32e6ac30154f2c856d
SHA512: 6af551eb72cce04a0c530d218f369ab58ed275794829e7d25f843b3c3d9aa4d25aba5ff35070e4ab81370f6618628e97d953df641dd1bbd1cb71dad3a793a204
SSDEEP: 1536:dJHwHy+8FP2Pli7Yjx1P13sMFYxgYQ+moyC3apCXGbpM4B1jI9s3Oftjiacxe:wS+8cwKv8LLpICqpF918G3IJx

Note that the digests in this General entry (105KB, SHA256 2e27c771...) do not match those of the 147KB target listed under Targets below (SHA256 bd650f0d...), although both carry the same name: the two entries describe two different files. When matching indicators against a file in hand, use the Targets entry for the executable itself.
Static task: static1
Behavioral task: behavioral1
Sample: bd650f0d1cdae90e4a008e0ad214fdb8d16a549a5463d06d25d284c019b7657b.exe
Resource: win7-20220812-en
Malware Config

Extracted
Family: tofsee
Hosts: svartalfheim.top, jotunheim.name
Targets

Target: bd650f0d1cdae90e4a008e0ad214fdb8d16a549a5463d06d25d284c019b7657b
Size: 147KB
MD5: 1b8099400f9b3df55bb4b9a6b4e0b849
SHA1: 9f737eeb8a5b084511a4b655cb5ace0413d2ed8b
SHA256: bd650f0d1cdae90e4a008e0ad214fdb8d16a549a5463d06d25d284c019b7657b
SHA512: da97e8411dc9cc7427906a427a3cd36bfcba2e6881c54764234588d6e1371339753469ddba9635366c51b58eb0314fe76235e96db011d59274cd6ca03bea9193
SSDEEP: 3072:rsL7PaCvJSVUn5fOkOVCvvj8n/NTWYtWmxP88xq9:gWCvJSVgOktHjufWm1E
Signatures

- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
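The indicators above (file digests and the two extracted hostnames) are what an analyst would turn into a quick triage check. The following is an added example, not part of the sandbox report: it hashes a file and compares the result against both hash sets from the report, and it scans DNS log lines for the extracted hosts, including subdomains and case variants. The hashes and hostnames are copied from the report; the file bytes and DNS log lines fed to it are constructed here and are not real observations.

```python
"""IOC checker built from the Tofsee report above (added example, not sandbox output).
Indicators are copied from the report; the test data below is constructed."""
import hashlib
import re
from typing import Dict, Iterable, List, Optional

# Digests copied from the report. The 105KB submission entry and the 147KB target
# executable carry different hashes, so both sets are kept and labelled.
KNOWN_SAMPLES: Dict[str, Dict[str, str]] = {
    "target (147KB)": {
        "md5": "1b8099400f9b3df55bb4b9a6b4e0b849",
        "sha1": "9f737eeb8a5b084511a4b655cb5ace0413d2ed8b",
        "sha256": "bd650f0d1cdae90e4a008e0ad214fdb8d16a549a5463d06d25d284c019b7657b",
    },
    "submission (105KB)": {
        "md5": "e1292699a879fe81a54646e39e84cf38",
        "sha1": "cee4a5ed5a84a1d2668de6e474c0539c47883a27",
        "sha256": "2e27c7716163ec248bd3e1e7aea8402eefd70218e1b95b32e6ac30154f2c856d",
    },
}

# Hostnames from the extracted Tofsee configuration.
KNOWN_HOSTS = {"svartalfheim.top", "jotunheim.name"}


def digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of a byte string as lower-case hex, the form the report uses."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_digests(computed: Dict[str, str]) -> Optional[str]:
    """Return the label of the report entry any of whose digests match, else None.
    Input may come from another tool, so hex case is normalised first."""
    computed = {alg: value.lower() for alg, value in computed.items()}
    for label, known in KNOWN_SAMPLES.items():
        if any(computed.get(alg) == known[alg] for alg in known):
            return label
    return None


def match_file_bytes(data: bytes) -> Optional[str]:
    """Hash file contents and look them up against the report's indicators."""
    return match_digests(digests(data))


# Candidate hostname token: a dotted label sequence ending in an alphabetic TLD.
_HOST_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def hosts_in_line(line: str) -> List[str]:
    """Known hostnames referenced in a log line, matched exactly or as a parent
    domain of a subdomain (www.jotunheim.name), case-insensitively. Suffix matching
    is anchored on the dot so that notsvartalfheim.top does not count."""
    hits: List[str] = []
    for token in _HOST_RE.findall(line):
        name = token.lower().rstrip(".")
        for known in KNOWN_HOSTS:
            if name == known or name.endswith("." + known):
                hits.append(known)
    return hits


def scan_dns_log(lines: Iterable[str]) -> List[str]:
    """Return the log lines that reference a known host."""
    return [ln for ln in lines if hosts_in_line(ln)]


# Constructed DNS log lines for the demonstration (not from the report).
SAMPLE_DNS_LOG = [
    "2022-11-30T10:01:02Z client=10.0.0.5 query=A name=svartalfheim.top",
    "2022-11-30T10:01:03Z client=10.0.0.5 query=A name=update.example.com",
    "2022-11-30T10:01:09Z client=10.0.0.7 query=A name=www.JOTUNHEIM.NAME.",
]

if __name__ == "__main__":
    print("hash match:", match_file_bytes(b"not the real sample"))
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("IOC hit:", hit)
```

To check a real file, read it in binary mode and pass the bytes to `match_file_bytes`; a `None` result against a file named like the sample means the file on disk is not either of the two objects the report describes.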