General
- Target: file.exe
- Size: 192KB
- Sample: 221201-26adpseb5w
- MD5: 933744ea738c0d400192c7025863a7f3
- SHA1: e348e57a763e13690795c55966104286c961f771
- SHA256: 8ef9103920fd0f2d79bcef4613cda20bfc1d3f5835a5dafd6d106c4756045696
- SHA512: 5a25cf666ba676eea557b1095d3220631f0cea41c9a69ab9dee426142c6d46da4f4da641d1030171218abb6946148219386fed61eb7b387c4588fcbbb25da3b5
- SSDEEP: 3072:7abW00U/432GqIJ5Vq3VhTttR0hfIcJA8M6Rs9E3AZxpR/lHT5b33mJ:7CK32GqD3VPoZ3AR3vpnTRHmJ
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: file.exe
- Size: 192KB
- MD5: 933744ea738c0d400192c7025863a7f3
- SHA1: e348e57a763e13690795c55966104286c961f771
- SHA256: 8ef9103920fd0f2d79bcef4613cda20bfc1d3f5835a5dafd6d106c4756045696
- SHA512: 5a25cf666ba676eea557b1095d3220631f0cea41c9a69ab9dee426142c6d46da4f4da641d1030171218abb6946148219386fed61eb7b387c4588fcbbb25da3b5
- SSDEEP: 3072:7abW00U/432GqIJ5Vq3VhTttR0hfIcJA8M6Rs9E3AZxpR/lHT5b33mJ:7CK32GqD3VPoZ3AR3vpnTRHmJ
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext