General
- Target: file.exe
- Size: 192KB
- Sample: 221201-tzaf5abb8w
- MD5: 3894a58334e66e157e9d18c39bd68f9e
- SHA1: ebdc8d605f155c8ceb7cc1f28e8463188ef8eae7
- SHA256: 7f2449827262abc18421245fb8d65b7eee8dd441baf44742266d9d7633cc079e
- SHA512: 0375a5330b9808b09cc68e70d3479a241f50e4f56a60c83730dff5fe4b0ee5880d80a3e8b44bd93faccf9fede5d5b961d5972c2e8f502374fed068507f9f0821
- SSDEEP: 3072:kJ603TxxN3EsBz5/gbVvHI18aC9gH+5paXHDAbEauWa:klV3EsBhgBv9yezvEao
Static task: static1

Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: tofsee
- C2: svartalfheim.top, jotunheim.name
Targets
- Target: file.exe
  - Size: 192KB
  - MD5: 3894a58334e66e157e9d18c39bd68f9e
  - SHA1: ebdc8d605f155c8ceb7cc1f28e8463188ef8eae7
  - SHA256: 7f2449827262abc18421245fb8d65b7eee8dd441baf44742266d9d7633cc079e
  - SHA512: 0375a5330b9808b09cc68e70d3479a241f50e4f56a60c83730dff5fe4b0ee5880d80a3e8b44bd93faccf9fede5d5b961d5972c2e8f502374fed068507f9f0821
  - SSDEEP: 3072:kJ603TxxN3EsBz5/gbVvHI18aC9gH+5paXHDAbEauWa:klV3EsBhgBv9yezvEao

  - XMRig Miner payload
  - Creates new service(s)
  - Executes dropped EXE
  - Modifies Windows Firewall
  - Sets service image path in registry
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Deletes itself
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext