General
  Target: file.exe
  Size: 191KB
  Sample: 221202-ddb5tsba2t
  MD5: bff9693e292aad0bbda02492bb3aa681
  SHA1: 237e200bebe82d2a0bfecdb5688c0e041b696ac0
  SHA256: c2bb35d36cbf438f3c2013a83115b783db85c04f3bc237f3798e884b8ebdff23
  SHA512: ddc5beb5fd812367f70f34749f55ff50b74468068899141c96a7d4e9a21ba5db0d5e737844b029858c1e697e9d0e8409519373d69cb863d4e3d4c2dcedf279f4
  SSDEEP: 3072:2QfXSXjeGetYar6XI5AdDCQDehXG3HcaoZBQPKjoa7hhnRs9E3AZxpR/aW:qYYar4SVC8BBQPKjb7Gvp
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220812-en
Malware Config
  Extracted family: tofsee
  Domains:
    svartalfheim.top
    jotunheim.name
Targets
  Target: file.exe
  Signatures:
    - XMRig Miner payload
    - Creates new service(s)
    - Executes dropped EXE
    - Modifies Windows Firewall
    - Sets service image path in registry
    - Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
    - Deletes itself
    - Drops file in System32 directory
    - Suspicious use of SetThreadContext
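As an added example (not the sandbox's code or output), the script below turns the report's indicators into a small watchlist and runs it over constructed log lines: it checks file digests against the sample's MD5/SHA1/SHA256, flags DNS queries for the two extracted domains or any subdomain of them, and flags registry writes to a service's ImagePath value, the behaviour behind the "Sets service image path in registry" signature. The log line formats, the host name, timestamps and the service name `updsvc` are assumptions made up for the example; the Services registry key layout is standard Windows, but the name of the service this sample registers is not stated in the report, so any service name is captured.

```python
"""Watchlist built from the Tofsee report above, run over constructed logs.

Added example: this is not the sandbox's code or output. The log line
formats, host name, timestamps and the service name "updsvc" are made up.
"""
import hashlib
import re

# Indicators copied from the report (Tofsee sample 221202-ddb5tsba2t).
REPORT_HASHES = {
    "md5": "bff9693e292aad0bbda02492bb3aa681",
    "sha1": "237e200bebe82d2a0bfecdb5688c0e041b696ac0",
    "sha256": "c2bb35d36cbf438f3c2013a83115b783db85c04f3bc237f3798e884b8ebdff23",
}
REPORT_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# "Sets service image path in registry": the Services key layout is standard
# Windows; the service name the sample registers is not in the report, so any
# name is captured.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)\\ImagePath$",
    re.IGNORECASE,
)

# Constructed log formats (assumed, not the sandbox's):
#   DNS:      "<ts> <host> query <name> type <rrtype>"
#   Registry: "<ts> <host> regset <key> <data>"
DNS_RE = re.compile(r"^(\S+) (\S+) query (\S+) type (\S+)$")
REG_RE = re.compile(r"^(\S+) (\S+) regset (\S+) (.*)$")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, lower-case hex as in the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_matches_report(hashes: dict) -> bool:
    """True if any supplied digest equals the report's (case-insensitive)."""
    return any(hashes.get(k, "").lower() == v for k, v in REPORT_HASHES.items())


def domain_on_watchlist(name: str) -> bool:
    """Exact match or subdomain of a listed domain; 'notjotunheim.name' is not a hit."""
    n = name.lower().rstrip(".")
    return any(n == d or n.endswith("." + d) for d in REPORT_DOMAINS)


def scan_lines(lines):
    """Return (line_no, reason) for each line that trips an indicator."""
    hits = []
    for i, line in enumerate(lines, 1):
        m = DNS_RE.match(line)
        if m:
            if domain_on_watchlist(m.group(3)):
                hits.append((i, "dns:" + m.group(3).lower().rstrip(".")))
            continue
        m = REG_RE.match(line)
        if m:
            k = SERVICE_IMAGEPATH.match(m.group(3))
            if k:
                # Coarse signal: any ImagePath write is reported. Before acting,
                # correlate with the writing process and whether the target
                # binary was newly dropped (the report also notes a System32 drop).
                hits.append((i, "service-imagepath:%s -> %s" % (k.group(1), m.group(4))))
    return hits


# Constructed sample log (not from the sandbox run).
SAMPLE_LOG = [
    "2022-12-02T10:00:01Z host1 query www.example.com type A",
    "2022-12-02T10:00:02Z host1 query svartalfheim.top type A",
    "2022-12-02T10:00:03Z host1 query mail.jotunheim.name. type MX",
    "2022-12-02T10:00:04Z host1 query notjotunheim.name type A",
    "2022-12-02T10:00:05Z host1 regset HKLM\\SYSTEM\\CurrentControlSet\\Services\\wuauserv\\Start 2",
    "2022-12-02T10:00:06Z host1 regset HKLM\\SYSTEM\\CurrentControlSet\\Services\\updsvc\\ImagePath C:\\Windows\\System32\\updsvc.exe",
]

if __name__ == "__main__":
    for line_no, reason in scan_lines(SAMPLE_LOG):
        print(line_no, reason)
    print("known sample:", hash_matches_report(file_hashes(b"not the real sample")))
```

The domain check deliberately matches suffixes on a dot boundary, so a lookalike such as `notjotunheim.name` does not fire while `mail.jotunheim.name` does; the SSDEEP value from the report is not used here because fuzzy-hash comparison needs the ssdeep library rather than the standard library.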