General
Target: 7d3519a3112bac6d47e4a28afa93765ad0fe109d3e203f1f07dfcf8fb84b2396
Size: 104KB
Sample: 221130-gdkczseg6x
MD5: e8398fe766cdfaec2eedef217ff63878
SHA1: 77527197723e8aeee03a8bf0644d71fb6f187142
SHA256: 035d4c6bea59c1b9384e736bfba08de6d1b7e8859a6201f727b760624af29c8b
SHA512: 6aa4c5f15ac9ab89bacd73fbcc6a83af80969c939bb0e62e20550446ec2a567a0553a2ca653ece443e7d3851e98f3054547a3ac0c527d720f3e70396c258f0ec
SSDEEP: 3072:tpLhxKC+4dBSV1POmehbqX9CD/7/0iiOFcg8:j3KC+xVBegtC38idFcg8
Static task: static1
Behavioral task: behavioral1
Sample: 7d3519a3112bac6d47e4a28afa93765ad0fe109d3e203f1f07dfcf8fb84b2396.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 7d3519a3112bac6d47e4a28afa93765ad0fe109d3e203f1f07dfcf8fb84b2396.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: 7d3519a3112bac6d47e4a28afa93765ad0fe109d3e203f1f07dfcf8fb84b2396
Size: 146KB
MD5: edeb8cf6ad50b2189148305da1711683
SHA1: a5843da9541016d02e3daf537a3781c9dac0716c
SHA256: 7d3519a3112bac6d47e4a28afa93765ad0fe109d3e203f1f07dfcf8fb84b2396
SHA512: 8cf6653627e3dcf78d45d12edd93ed27fc052534d4731c6695e4cc6ce7d271aa7f02a94ea5b70c8783c62c4bf4d334681b19213aede987f597558be0dd8be8fa
SSDEEP: 3072:AVt0N0vO/6B9v5qJO1POmehbsM6FGUuBi:G9O/6BKJOBe7c78
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
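The behaviour list above is a hunting checklist: each signature maps to an event an EDR or sandbox trace already records. The script below is an added example, not part of this sandbox report or of any vendor's tooling. It runs the report's indicators (the two C2 domains, the two SHA256 values, and the signature list) over a constructed EDR-style event stream in a simple `key=value|key=value` format. The registry key used for the "Checks computer location settings" signature (`Control Panel\International\Geo\Nation`) is an assumption, since the report names no key; the service name `rqkwlhsp`, the user paths and the PIDs in the sample events are likewise made up for the example.

```python
import re

# Indicators taken from the report: extracted Tofsee C2 domains and file hashes.
TOFSEE_C2 = {"svartalfheim.top", "jotunheim.name"}
REPORT_SHA256 = {
    "035d4c6bea59c1b9384e736bfba08de6d1b7e8859a6201f727b760624af29c8b",
    "7d3519a3112bac6d47e4a28afa93765ad0fe109d3e203f1f07dfcf8fb84b2396",
}

# Patterns behind the report's behavioural signatures.  GEO_KEY is an
# ASSUMPTION (the report does not name the registry value it saw read);
# the others follow directly from the signature names.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
SVC_IMAGE = re.compile(r"\\Services\\([^\\]+)\\ImagePath$", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\Windows\\System32\\", re.I)
FIREWALL = re.compile(r"\bnetsh(?:\.exe)?\b.*\bfirewall\b", re.I)
SELF_DELETE = re.compile(r"\bcmd(?:\.exe)?\b.*\b(?:del|erase)\b", re.I)


def parse_event(line):
    """'k=v|k=v' -> dict.  Values may themselves contain '=', so split each field once."""
    return dict(f.split("=", 1) for f in line.strip().split("|"))


def match_behaviors(lines):
    """Map each report signature to the evidence found in the event stream."""
    events = [parse_event(l) for l in lines if l.strip()]
    hits = {}
    dropped = set()  # every file written by any process in the stream, lower-cased

    def add(sig, evidence):
        hits.setdefault(sig, []).append(evidence)

    for e in events:
        t = e.get("type")
        if t == "file_write":
            dropped.add(e["path"].lower())
            if SYSTEM32.match(e["path"]):
                add("Drops file in System32 directory", e["path"])
        elif t == "process":
            img, cmd, parent = e.get("image", ""), e.get("cmdline", ""), e.get("parent", "")
            if img.lower() in dropped:
                add("Executes dropped EXE", img)
            if e.get("sha256", "").lower() in REPORT_SHA256:
                add("Known sample hash", e["sha256"])
            if FIREWALL.search(cmd):
                add("Modifies Windows Firewall", cmd)
            # "Deletes itself": a cmd.exe del whose target is the parent's own image
            if SELF_DELETE.search(cmd) and parent and parent.lower() in cmd.lower():
                add("Deletes itself", parent)
        elif t == "reg_set":
            m = SVC_IMAGE.search(e["key"])
            if m:
                add("Sets service image path in registry", f"{m.group(1)} -> {e.get('data', '')}")
        elif t == "reg_read" and GEO_KEY.search(e["key"]):
            add("Checks computer location settings", e["key"])
        elif t == "service_create":
            add("Creates new service(s)", e["name"])
        elif t == "dns" and e["query"].lower().rstrip(".") in TOFSEE_C2:
            add("Tofsee C2 lookup", e["query"])
        elif t == "api" and e.get("call") == "SetThreadContext":
            add("Suspicious use of SetThreadContext", f"pid {e.get('pid')} -> {e.get('target_pid')}")
    return hits


def assess(lines, threshold=4):
    """Verdict for one host: a C2 lookup or known hash is decisive on its own;
    otherwise several behaviours together are needed before calling it malicious."""
    hits = match_behaviors(lines)
    decisive = {"Tofsee C2 lookup", "Known sample hash"}
    if hits.keys() & decisive or len(hits) >= threshold:
        return "malicious", hits
    return ("suspicious" if hits else "clean"), hits


# Constructed event stream (hypothetical host, PIDs, paths and service name) that
# walks through the chain the report lists, one event per signature.
SAMPLE_EVENTS = r"""
type=process|pid=4012|parent=C:\Windows\explorer.exe|image=C:\Users\bob\Downloads\invoice.exe|sha256=7d3519a3112bac6d47e4a28afa93765ad0fe109d3e203f1f07dfcf8fb84b2396|cmdline=invoice.exe
type=reg_read|pid=4012|key=HKU\S-1-5-21-1111-2222-3333-1001\Control Panel\International\Geo\Nation
type=file_write|pid=4012|path=C:\Windows\System32\rqkwlhsp.exe
type=service_create|pid=4012|name=rqkwlhsp
type=reg_set|pid=4012|key=HKLM\SYSTEM\CurrentControlSet\Services\rqkwlhsp\ImagePath|data=C:\Windows\System32\rqkwlhsp.exe
type=process|pid=4100|parent=C:\Windows\System32\services.exe|image=C:\Windows\System32\rqkwlhsp.exe|cmdline=rqkwlhsp.exe
type=process|pid=4120|parent=C:\Windows\System32\rqkwlhsp.exe|image=C:\Windows\System32\netsh.exe|cmdline=netsh advfirewall firewall add rule name="Host-process" dir=in action=allow program="C:\Windows\System32\rqkwlhsp.exe"
type=api|pid=4100|call=SetThreadContext|target_pid=4130
type=dns|pid=4100|query=svartalfheim.top
type=process|pid=4140|parent=C:\Users\bob\Downloads\invoice.exe|image=C:\Windows\System32\cmd.exe|cmdline=cmd.exe /c del "C:\Users\bob\Downloads\invoice.exe"
"""

if __name__ == "__main__":
    verdict, hits = assess(SAMPLE_EVENTS.splitlines())
    print(verdict)
    for sig, evidence in hits.items():
        print(f"  {sig}: {evidence}")
```

The per-signature evidence is kept rather than just a score so an analyst can see which event tripped which rule; the "XMRig Miner payload" signature is a static (memory or file) match in the sandbox and has no process-event equivalent here, so it is deliberately absent from the matcher.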