General
Target: 969cbe894bade6e664ebc759576a44abba87e73dc093e09b7a97ec3c1099bbb3
Size: 105KB
Sample: 221130-e9j1zsbe7v
MD5: a1d435edfd8f2967d78d37bbf530da8d
SHA1: a6e711016407cdd9649036d968bf082220530441
SHA256: 2e864ab2bdf9055ef8b206b9d640562c68894be7dd4462249d05a973be43cbdf
SHA512: fe9d6f42a9cfdb302367a3833cb1b7a2f335a39fed64be8e36013f4ef82a9fc9b670100271303271735309247d529ebc5e34118aa815187ab3aa3f03132ed69d
SSDEEP: 3072:JBKop6gyBYFNzeOi5hL5/SxJ4aOEkYWpRudv7F9vth:JBn6g5Dzedhd/IDkYWpRuTHh
Static task: static1
Behavioral task: behavioral1
  Sample: 969cbe894bade6e664ebc759576a44abba87e73dc093e09b7a97ec3c1099bbb3.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 969cbe894bade6e664ebc759576a44abba87e73dc093e09b7a97ec3c1099bbb3.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: tofsee
  svartalfheim.top
  jotunheim.name
Targets
Target: 969cbe894bade6e664ebc759576a44abba87e73dc093e09b7a97ec3c1099bbb3
Size: 147KB
MD5: bf64cf006d94eea938529abb0e6b4ee8
SHA1: 2808b73fcee94aaaa39240549c616f1d97eb8839
SHA256: 969cbe894bade6e664ebc759576a44abba87e73dc093e09b7a97ec3c1099bbb3
SHA512: a5d281994b61c3664cfa3d783a6f2fac17b57ac9a2fb01f69534f11dcc70ae2229a0ce7b1ce4dca2bb6ee5ae9f29f17dbcc11a721cc93ce7f0aa098a055bbf23
SSDEEP: 3072:qxHNuRGCqn5Si5hL5/SxJ4aOEnr8LUwHx/r0NfuCOD:iGGCEhd/IDr8QwHdr0Ah
Signatures:
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext