General

Target: 3df93116fbfe376675cddec3c61800db395662efb978f06165e0d71ba470dc46
Size: 184KB
Sample: 221201-qh7thseh2t
MD5: 60d25cb165031da6b27d3bfd04daf7b9
SHA1: ec461741b9fff50dd225d821baa208b1c2e162bf
SHA256: 3df93116fbfe376675cddec3c61800db395662efb978f06165e0d71ba470dc46
SHA512: 83138e781de32484bfafe7f9057267a3803fb8ed57dbf881ab0488f4fc0356d7d1554a71887f908b8be9b2bdba57de338c583a91d0233dadd62553ff61723dcc
SSDEEP: 3072:KXLf9u/CNgqq5g+cf8v+kCaBwP4m7c3evDAbEamaA:CNgq6Y7X7c3esEama
Static task: static1

Malware Config (extracted)
Family: tofsee
C2: svartalfheim.top, jotunheim.name
Targets

Target: 3df93116fbfe376675cddec3c61800db395662efb978f06165e0d71ba470dc46 (184KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
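The signature list names the behaviours the sandbox observed but not how they are recognised in telemetry. Below is an added example, not part of the report and not the sandbox's own detection code: a small Python correlator that maps a constructed API trace (invented PIDs, paths and the service name "drvhost") onto the same signature names. The registry locations it keys on (Services\<name>\ImagePath for the service binary, Control Panel\International\Geo\Nation for the configured country) are standard Windows locations; the netsh and stratum/--donate-level command-line patterns are this example's stand-ins for the sandbox's firewall and XMRig checks, which in the real report are a behavioural rule and a memory/YARA match respectively. The SetThreadContext rule is deliberately narrow: it fires only when the target thread belongs to a child the same process created suspended, the usual hollowing sequence, so a debugger or legitimate loader calling SetThreadContext on its own threads does not trip it.

```python
"""Map a sandbox-style API trace onto the behavioural signatures listed above.

Constructed example: the trace, PIDs, service name and paths are invented.
API names are real Win32/NT exports; argument keys are this example's own.
"""
import re
from collections import defaultdict

# Registry/command-line patterns each signature depends on.
SYSTEM32_PATH = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
SERVICES_KEY = re.compile(r"\\system\\(currentcontrolset|controlset\d{3})\\services\\[^\\]+$", re.IGNORECASE)
GEO_KEY = re.compile(r"\\control panel\\international\\geo$", re.IGNORECASE)
FIREWALL_CMD = re.compile(r"\bnetsh(\.exe)?\s+(advfirewall|firewall)\b", re.IGNORECASE)
MINER_HINT = re.compile(r"stratum\+(tcp|ssl)://|--donate-level|xmrig", re.IGNORECASE)  # stand-in for the YARA match

# Constructed trace: (pid, api, args). Mirrors the sequence the report's signatures describe.
TRACE = [
    (4412, "CopyFileW",         {"Path": r"C:\Windows\System32\drvhost.exe"}),
    (4412, "CreateServiceW",    {"ServiceName": "drvhost", "BinaryPathName": r"C:\Windows\System32\drvhost.exe"}),
    (4412, "RegSetValueExW",    {"Key": r"HKLM\SYSTEM\CurrentControlSet\Services\drvhost",
                                 "Value": "ImagePath", "Data": r"C:\Windows\System32\drvhost.exe"}),
    (4412, "RegQueryValueExW",  {"Key": r"HKCU\Control Panel\International\Geo", "Value": "Nation"}),
    (4412, "CreateProcessW",    {"CommandLine": 'netsh advfirewall firewall add rule name="drvhost" dir=in '
                                                'action=allow program="C:\\Windows\\System32\\drvhost.exe"',
                                 "ChildPid": 4500, "Flags": ""}),
    (4412, "CreateProcessW",    {"CommandLine": r"C:\Windows\System32\drvhost.exe", "ChildPid": 5100, "Flags": ""}),
    (5100, "CreateProcessW",    {"CommandLine": r"C:\Windows\System32\svchost.exe", "ChildPid": 5236,
                                 "Flags": "CREATE_SUSPENDED"}),
    (5100, "WriteProcessMemory", {"TargetPid": 5236}),
    (5100, "SetThreadContext",  {"TargetPid": 5236}),
    (5100, "ResumeThread",      {"TargetPid": 5236}),
    (5236, "CreateProcessW",    {"CommandLine": r"C:\Windows\Temp\sys.exe -o stratum+tcp://pool.invalid:3333 --donate-level=1",
                                 "ChildPid": 5300, "Flags": ""}),
]


def image_of(cmdline):
    """Return the executable token of a command line (quoted or bare)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    return cmdline.split(" ", 1)[0]


def analyse(trace):
    """Return {signature name: sorted pids that triggered it}."""
    hits = defaultdict(set)
    dropped = set()               # lower-cased paths written by any traced process
    suspended = defaultdict(set)  # creator pid -> children it created suspended
    for pid, api, args in trace:
        if api in ("CopyFileW", "CreateFileW", "WriteFile", "MoveFileExW"):
            path = args.get("Path", "")
            dropped.add(path.lower())
            if SYSTEM32_PATH.match(path):
                hits["Drops file in System32 directory"].add(pid)
        elif api == "CreateProcessW":
            cmd = args.get("CommandLine", "")
            if FIREWALL_CMD.search(cmd):
                hits["Modifies Windows Firewall"].add(pid)
            if MINER_HINT.search(cmd):
                hits["XMRig Miner payload"].add(pid)
            if image_of(cmd).lower() in dropped:
                hits["Executes dropped EXE"].add(pid)
            if "CREATE_SUSPENDED" in args.get("Flags", ""):
                suspended[pid].add(args.get("ChildPid"))
        elif api == "CreateServiceW":
            hits["Creates new service(s)"].add(pid)
        elif (api == "RegSetValueExW" and args.get("Value", "").lower() == "imagepath"
              and SERVICES_KEY.search(args.get("Key", ""))):
            hits["Sets service image path in registry"].add(pid)
        elif (api == "RegQueryValueExW" and args.get("Value", "").lower() == "nation"
              and GEO_KEY.search(args.get("Key", ""))):
            hits["Checks computer location settings"].add(pid)
        elif (api in ("SetThreadContext", "NtSetContextThread")
              and args.get("TargetPid") in suspended.get(pid, ())):
            # Only the create-suspended -> write -> set-context -> resume chain is flagged.
            hits["Suspicious use of SetThreadContext"].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for name, pids in sorted(analyse(TRACE).items()):
        print(f"{name}: pids {pids}")
```

Run as-is it reports all eight signatures from the list above, attributing the hollowing step to the dropped service binary (pid 5100) and the miner command line to the hollowed svchost.exe (pid 5236) rather than to the original sample. Note that registry reads such as the Geo\Nation lookup are not recorded by Sysmon, which logs only value sets and key create/delete, so that particular indicator needs an API monitor or sandbox trace like the one modelled here.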