General
Target: 4cfad436d1866ac61fdb1160fd919fe085501a6de79905f02386ca2c0f5a140d
Size: 139KB
Sample: 221130-fx9asade2v
MD5: 31b3db0de54d12c49384f075e24727a6
SHA1: f7b425de24096d94a6750d9b05b2520545edac8d
SHA256: 4cfad436d1866ac61fdb1160fd919fe085501a6de79905f02386ca2c0f5a140d
SHA512: 8c2421dd0df0aeb64bed6558bb12e8ad1d1b3e740fa8b1075606d3e44ff9deffcae6a4cf9e641fc3c54e41c7ba120548e9b88bc6e693eb68aa1a71f64ba3982d
SSDEEP: 1536:jpu4fjLe0nWZu9YCMmMr5LUI695e2d0dnmup7NIjw9zUyUgCLnyZmqaWpAIYKaA5:tTfznEr5Av9bcn9Kw9zUySLinaWrYho
Static task: static1
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext