General
- Target: 16d73d784d50c6f3d522b1e9365ff152672016821fe44417d025db2816ea5def
- Size: 191KB
- Sample: 221202-cnccxagf7x
- MD5: b8009124fc3811570af6239c7c7b5123
- SHA1: c497bd9199d56dbc6fc559d00366e43eb1256904
- SHA256: 16d73d784d50c6f3d522b1e9365ff152672016821fe44417d025db2816ea5def
- SHA512: 7a7f70a8f8733b717ae0fc63a810888e673d22e6591f4f3bb49cac366b7ca7c50f6a824bbceb3d9826f5485b383600d3c5ab81c7ab4df82928298fed602fabaa
- SSDEEP: 3072:pgL0gnLesPCfJ8I5HDHCdKbt/L2snbkGfB202aGBwRs9E3AZxpR/:xgHPCfT+dKl9bk620Wvp
- Static task: static1

Malware Config
- Extracted family: tofsee
- Extracted hosts: svartalfheim.top, jotunheim.name
Targets
Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext