General
- Target: file.exe
- Size: 191KB
- Sample: 221202-cj16gagc7y
- MD5: c0fe6d5734eeeba10c4362f371806db0
- SHA1: a00c31a557921590011de17b9ce81c0c0a4870b2
- SHA256: 3ea6d76470b7e3a7b4a7c9425ed31f4c629ee5de1c8578752aca782aab759446
- SHA512: 5d7cc93476d853c129875275fb1ee96cfbe42f687dd0396deb23f909bcc7229f6e9d43e5d0288bd61a7df9be1c12f3b72e5f336443aa20967dc9011f793f18a3
- SSDEEP: 3072:ERssBRaXkknXI5x7w3b66HdEufngG/Rs9E3AZxpR/sbqYq:jXkkn67Fc5avpYqYq
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220901-en
Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: file.exe
- Size: 191KB
- Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
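The behavioural signatures listed for this target are each keyed on a small number of observable events (a registry value written under a service key, a netsh invocation, a locale lookup, execution of a path the process wrote earlier). The script below is an added example, not the sandbox's own detection code and not code from the sample: it runs a constructed API-monitor-style trace of a dropper through one rule per signature and reports which fired and why. The trace events, the service name vmbfwqt.exe and the launch path are made up; the registry paths the rules key on (the Services\<name>\ImagePath value and the Control Panel\International\Geo\Nation locale value) are assumptions about what each signature looks for, not values extracted from this sample.

```python
"""Map a behaviour trace onto the signature names used in the report above.

Constructed example added to this page; it is not the sandbox's own
detection code and the events below were written by hand to resemble an
API-monitor trace of a Tofsee-style dropper.  The registry paths the rules
key on (the Services\\<name>\\ImagePath value, the Geo\\Nation locale value)
are assumptions about what each signature looks for, not values extracted
from this sample.
"""
import re

SAMPLE_PATH = r"C:\Users\user\Desktop\file.exe"    # constructed launch path
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed trace: one dict per observed call, in execution order.
TRACE = [
    {"ev": "reg_query", "pid": 100,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"ev": "file_write", "pid": 100, "path": r"C:\Windows\System32\vmbfwqt.exe"},
    {"ev": "api", "pid": 100, "name": "CreateServiceW"},
    {"ev": "reg_set", "pid": 100,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\vmbfwqt\ImagePath",
     "data": r"C:\Windows\System32\vmbfwqt.exe"},
    {"ev": "proc_create", "pid": 100, "child": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall set allprofiles state off"},
    {"ev": "proc_create", "pid": 100, "child": r"C:\Windows\System32\vmbfwqt.exe",
     "cmdline": "vmbfwqt.exe"},
    {"ev": "api", "pid": 200, "name": "SetThreadContext"},
    {"ev": "proc_create", "pid": 100, "child": r"C:\Windows\System32\cmd.exe",
     "cmdline": f'cmd /c del "{SAMPLE_PATH}"'},
    {"ev": "file_write", "pid": 100,                       # benign noise
     "path": r"C:\Users\user\AppData\Local\Temp\log.txt"},
]

SERVICE_IMAGEPATH = re.compile(r"\\services\\[^\\]+\\imagepath$", re.I)
GEO_NATION = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)
SELF_DELETE = re.compile(r"\b(del|erase)\b", re.I)


def classify(trace, sample_path=SAMPLE_PATH):
    """Return {signature name: [evidence, ...]} for every rule that fired."""
    hits = {}
    dropped = set()   # paths written so far; a later exec of one is a "dropped EXE"

    def hit(sig, evidence):
        hits.setdefault(sig, []).append(evidence)

    for e in trace:
        kind = e["ev"]
        if kind == "file_write":
            dropped.add(e["path"].lower())
            if e["path"].lower().startswith(SYSTEM32):
                hit("Drops file in System32 directory", e["path"])
        elif kind == "reg_set" and SERVICE_IMAGEPATH.search(e["key"]):
            hit("Sets service image path in registry", f'{e["key"]} = {e["data"]}')
        elif kind == "reg_query" and GEO_NATION.search(e["key"]):
            hit("Checks computer location settings", e["key"])
        elif kind == "api":
            if e["name"] in ("CreateServiceA", "CreateServiceW"):
                hit("Creates new service(s)", e["name"])
            elif e["name"] == "SetThreadContext":
                hit("Suspicious use of SetThreadContext", f'pid {e["pid"]}')
        elif kind == "proc_create":
            child, cmd = e["child"], e["cmdline"]
            if child.lower() in dropped:
                hit("Executes dropped EXE", child)
            if child.lower().endswith("\\netsh.exe") and "firewall" in cmd.lower():
                hit("Modifies Windows Firewall", cmd)
            if SELF_DELETE.search(cmd) and sample_path.lower() in cmd.lower():
                hit("Deletes itself", cmd)
    return hits


if __name__ == "__main__":
    for sig, evidence in classify(TRACE).items():
        print(f"{sig}: {'; '.join(evidence)}")
```

Two of the rules are stateful, which is the point worth noticing when writing such checks: "Executes dropped EXE" only fires if the file write was seen before the process creation, and "Deletes itself" needs the sample's own path to tell a self-delete from any other `del`. The XMRig signature is a payload/memory match rather than a behaviour and is deliberately not modelled here.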