General
- Target: d5a5a01b0ae07617b17c151653dbc8f1d57ec8050607d493e2160c6158b904b4
- Size: 139KB
- Sample: 221130-j7ze4scg56
- MD5: bacad23c54496e31b32019362e8b9001
- SHA1: 00b7ff54fa243cae3e0af739071100fe533deffa
- SHA256: d5a5a01b0ae07617b17c151653dbc8f1d57ec8050607d493e2160c6158b904b4
- SHA512: 4309c9515e6a965addcb4de7aa5ddac42d5808921ce16bb982d0924502bc30ea06fdcae18001144eb3ff0cea148522003b2996b7de777e3060fef48c10fafd6b
- SSDEEP: 3072:v1KsPM9JdDIP5agixQLQoAYLahmOCDcW49:caMzydLaic
Static task: static1

Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- Target: d5a5a01b0ae07617b17c151653dbc8f1d57ec8050607d493e2160c6158b904b4
- Size: 139KB
- MD5: bacad23c54496e31b32019362e8b9001
- SHA1: 00b7ff54fa243cae3e0af739071100fe533deffa
- SHA256: d5a5a01b0ae07617b17c151653dbc8f1d57ec8050607d493e2160c6158b904b4
- SHA512: 4309c9515e6a965addcb4de7aa5ddac42d5808921ce16bb982d0924502bc30ea06fdcae18001144eb3ff0cea148522003b2996b7de777e3060fef48c10fafd6b
- SSDEEP: 3072:v1KsPM9JdDIP5agixQLQoAYLahmOCDcW49:caMzydLaic
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext