General
- Target: 2df9e15a40383966d55fecd858259c770be5b70d537c24b416d5cf045bba2929
- Size: 185KB
- Sample: 221130-mheaeseg6x
- MD5: 1c5e5f86fe3cca92894d215867094168
- SHA1: 77b98b39a63a0513a5064833386d47b36855a908
- SHA256: 2df9e15a40383966d55fecd858259c770be5b70d537c24b416d5cf045bba2929
- SHA512: 68c4c4fac27b4938c009ce57adf8cffc1436d254a33ce798bde3c71f75e4204de2bd350ee09f1095c1c6896c91311ba73e86dc14fb7d6e3ab69fb5e92bfa7e13
- SSDEEP: 3072:nXMMUyuwOttYAd5+ygOWkH6XwtKgyTmEs35I1kEY0upL90NQVYf:cMLOttDxWkmwUgyTmEuW1670Ny
Static task
- static1
Malware Config
Extracted
- Family: tofsee
- C2: svartalfheim.top
- C2: jotunheim.name
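The file digests above and the two hostnames pulled from the Tofsee config are the indicators a responder would actually hunt with. The following Python is an added example, not part of this sandbox report and not Tofsee's or the sandbox vendor's code: it checks a file's bytes against all four report digests (a single disagreeing digest means a different file) and scans resolver logs for lookups of the C2 domains, matching subdomains while rejecting look-alike names such as `notjotunheim.name`. The dnsmasq-style log format and the sample log lines are constructed assumptions for the example.

```python
import hashlib
import re

# Indicators copied from the report above (General / Malware Config).
REPORT_HASHES = {
    "md5": "1c5e5f86fe3cca92894d215867094168",
    "sha1": "77b98b39a63a0513a5064833386d47b36855a908",
    "sha256": "2df9e15a40383966d55fecd858259c770be5b70d537c24b416d5cf045bba2929",
    "sha512": "68c4c4fac27b4938c009ce57adf8cffc1436d254a33ce798bde3c71f75e4204d"
              "e2bd350ee09f1095c1c6896c91311ba73e86dc14fb7d6e3ab69fb5e92bfa7e13",
}
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}


def hash_file_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for a file's raw bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report; one mismatch is a different file."""
    return hash_file_bytes(data) == REPORT_HASHES


def normalize_qname(qname: str) -> str:
    """Lower-case and drop the trailing dot resolvers log for absolute names."""
    return qname.rstrip(".").lower()


def domain_matches(qname: str, watchlist: set) -> bool:
    """Exact match or a subdomain of a watched name. The leading dot in the
    endswith check keeps 'notjotunheim.name' out; the exact/suffix logic keeps
    'jotunheim.name.example.com' out."""
    name = normalize_qname(qname)
    return any(name == d or name.endswith("." + d) for d in watchlist)


# dnsmasq-style query line; the format is an assumption for this example.
DNS_LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z]+)\] "
    r"(?P<qname>\S+) from (?P<client>\S+)$"
)

SAMPLE_DNS_LOG = [  # constructed sample lines, not taken from the report
    "Nov 30 12:00:01 dnsmasq[1234]: query[A] www.example.com from 10.0.0.5",
    "Nov 30 12:00:02 dnsmasq[1234]: query[A] svartalfheim.top from 10.0.0.5",
    "Nov 30 12:00:02 dnsmasq[1234]: query[A] MAIL.jotunheim.name. from 10.0.0.7",
    "Nov 30 12:00:03 dnsmasq[1234]: query[A] notjotunheim.name from 10.0.0.9",
    "Nov 30 12:00:04 dnsmasq[1234]: query[AAAA] jotunheim.name.example.com from 10.0.0.9",
    "Nov 30 12:00:05 dnsmasq[1234]: reply jotunheim.name is 203.0.113.10",  # not a query line
]


def scan_dns_log(lines):
    """Return (client, qtype, normalized qname) for every query of a C2 domain."""
    hits = []
    for line in lines:
        m = DNS_LOG_RE.match(line)
        if not m:
            continue
        if domain_matches(m["qname"], C2_DOMAINS):
            hits.append((m["client"], m["qtype"], normalize_qname(m["qname"])))
    return hits


if __name__ == "__main__":
    for client, qtype, qname in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"C2 lookup: {client} asked {qtype} {qname}")
    print("empty file matches report:", matches_report(b""))
```

Only the two query lines for `svartalfheim.top` and `mail.jotunheim.name` are reported; the `reply` line is ignored because it is not a client query, and a responder wanting resolution results would add a second pattern for it rather than loosen this one.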
Targets
- Target: 2df9e15a40383966d55fecd858259c770be5b70d537c24b416d5cf045bba2929 (185KB; MD5, SHA1, SHA512 and SSDEEP as listed in the General section above)
Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext (this API is typically used to redirect a thread's execution during process hollowing or thread-hijacking injection)
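Several of the signatures above only become convincing when they are chained: a file dropped into System32, a service registered with its ImagePath pointing at that file, the file then executed, and a firewall rule added for it. The following Python is an added example, not the sandbox's signature engine and not code from the report: it runs that correlation over a stream of Windows event records (Sysmon IDs 1, 11 and 13 plus System log 7045) and separately flags `netsh` firewall changes. The event records, the service name `qwrtxnbz` and the paths are constructed for the example; the records are assumed to be in time order, so the drop is seen before the service install.

```python
import re
from collections import defaultdict

SYSTEM32 = "c:\\windows\\system32\\"

# netsh invoked to add, change or remove a firewall rule (advfirewall or legacy firewall context)
FIREWALL_RE = re.compile(
    r"\bnetsh(?:\.exe)?\b.*\b(?:advfirewall|firewall)\b.*\b(?:add|set|delete)\b", re.I
)


def norm_path(p: str) -> str:
    """Case-fold and strip surrounding quotes so paths compare reliably."""
    return p.strip().strip('"').lower()


def exe_from_image_path(image_path: str) -> str:
    """A service ImagePath may be quoted and may carry arguments
    ('svchost.exe -k netsvcs'); return only the executable path, lower-cased."""
    low = image_path.strip().lstrip('"').lower()
    i = low.find(".exe")
    return low[: i + 4] if i >= 0 else low.split(" ")[0]


EVENTS = [  # constructed records modelled on Sysmon 11/13/1 and System 7045; not from the report
    {"id": 11, "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "TargetFilename": r"C:\Windows\System32\qwrtxnbz.exe"},
    {"id": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\qwrtxnbz\ImagePath",
     "Details": r"C:\Windows\System32\qwrtxnbz.exe"},
    {"id": 7045, "ServiceName": "qwrtxnbz",
     "ImagePath": r"C:\Windows\System32\qwrtxnbz.exe", "StartType": "auto start"},
    {"id": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="qwrtxnbz" dir=in '
                    'action=allow program="C:\\Windows\\System32\\qwrtxnbz.exe"'},
    {"id": 1, "Image": r"C:\Windows\System32\qwrtxnbz.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": r"C:\Windows\System32\qwrtxnbz.exe"},
    # benign noise that must not fire
    {"id": 7045, "ServiceName": "wuauserv",
     "ImagePath": r"C:\Windows\System32\svchost.exe -k netsvcs", "StartType": "demand start"},
    {"id": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "CommandLine": "netsh interface show interface"},
]


def detect(events):
    """Return {rule_name: [matching events]}; rule names mirror the report's signatures."""
    hits = defaultdict(list)
    dropped = set()  # System32 files written by a process that is not itself in System32
    for e in events:
        if e["id"] == 11:
            target = norm_path(e["TargetFilename"])
            if target.startswith(SYSTEM32) and not norm_path(e["Image"]).startswith(SYSTEM32):
                dropped.add(target)
                hits["drops_file_in_system32"].append(e)
        elif e["id"] == 13 and norm_path(e["TargetObject"]).endswith("\\imagepath"):
            if exe_from_image_path(e["Details"]) in dropped:
                hits["sets_service_image_path_to_dropped_file"].append(e)
        elif e["id"] == 7045:
            if exe_from_image_path(e["ImagePath"]) in dropped:
                hits["creates_service_for_dropped_file"].append(e)
        elif e["id"] == 1:
            if norm_path(e["Image"]) in dropped:
                hits["executes_dropped_exe"].append(e)
            if FIREWALL_RE.search(e["CommandLine"]):
                hits["modifies_windows_firewall"].append(e)
    return dict(hits)


if __name__ == "__main__":
    for rule, matched in detect(EVENTS).items():
        print(f"{rule}: {len(matched)} event(s)")
```

The drop rule on its own is noisy (installers write to System32 too); the value is in the later rules keying off the `dropped` set, which is why the service and execution rules match only files seen being dropped earlier in the same stream. The geofence check in the report (a registry read of the configured country) is not covered here because Sysmon records registry writes, not reads, so it has to come from the sandbox or an API-level monitor.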