General
- Target: ac9329aa2dab017e973a0d69f196d1442be687dd0ac23da8027003b35fcfb466
- Size: 191KB
- Sample: 221201-3vfl1sdb63
- MD5: 002d331f53d2fc2f6045dc40df655e57
- SHA1: aca9701153b8775e9c9397815f7f24e6b769e3bf
- SHA256: ac9329aa2dab017e973a0d69f196d1442be687dd0ac23da8027003b35fcfb466
- SHA512: 4fd5b53685c2470b1a98e6564421935aad87d223ced39e3afa9c7133f5a6e893a1617d3b6a5bc4563f4430cd9998ca9da84f122f0a66bbf1ed65a8ea0f64cbe2
- SSDEEP: 3072:TBps7XAE9XnI5q8sxKc8BI+eU7sJL8jA/PsSA2JRs9E3AZxpR/h:M9X3QBIW7sZ+A/kGwvpb
Static task: static1
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext