General

Target: file.exe
Size: 190KB
Sample: 221202-d3m9dsaa72
MD5: 5a09ace381848e5de39119429d59f200
SHA1: e50ab0cbd9dfbd5f761ad5271af10007f109078e
SHA256: b064c232f1bad3676d5c38c286792167977f4b22d759f38368e27a97860652b0
SHA512: 846696d1100cbbfdc378512ffb633a4de89db40add21ccad356f477636b7752a1c8af3436ccbf7a909b97d2c6e400bfdffc93f43452925ae4ec72f2a6253b21f
SSDEEP: 3072:igpbk+E2v/rI5YqEeNF23SuVZt+idXAnyCqk/Rs9E3AZxpR/6O7n:u2HjqTnju1+QXFLXvpHD
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en

Malware Config

Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets

Target: file.exe
Size: 190KB
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext