General
Target: file.exe
Size: 185KB
Sample: 221130-vlt42she58
MD5: 1a8cef9789b5c1e3a83ef003720aacdd
SHA1: d07c3110de282cf420237cf26f56ca58ad399132
SHA256: bc004f040d80ca215b98f3ad47251266d2a24041c3e578a5a9a73d93f8201a12
SHA512: b92a90d6184a912af34ca71d7a23ce30f7fe695e47e5c2a861d0578e6b180b89604dff681928af3b5d3c7bbe3ea25931db16415a4c70ccd2c43ba93ab4ccdfcb
SSDEEP: 3072:0KHSLMME4sYRzSHl3lQW51d3XTTCHUjVTvgofFZw/+FIp:qMrGzSHlzxCHUxcM

Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en

Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name

Targets
Target: file.exe
Size: 185KB
MD5: 1a8cef9789b5c1e3a83ef003720aacdd
SHA1: d07c3110de282cf420237cf26f56ca58ad399132
SHA256: bc004f040d80ca215b98f3ad47251266d2a24041c3e578a5a9a73d93f8201a12
SHA512: b92a90d6184a912af34ca71d7a23ce30f7fe695e47e5c2a861d0578e6b180b89604dff681928af3b5d3c7bbe3ea25931db16415a4c70ccd2c43ba93ab4ccdfcb
SSDEEP: 3072:0KHSLMME4sYRzSHl3lQW51d3XTTCHUjVTvgofFZw/+FIp:qMrGzSHlzxCHUxcM

- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext