General
- Target: f3c332a22d309ce984a097db89d800f5d8af9fbfcec9e96076a6fea6f5fd4f7a.exe
- Size: 184KB
- Sample: 221203-alhe2agh94
- MD5: 2ddaf25c7e8b248d6b2f29e01b57a31f
- SHA1: 0cc53cffa140f621a845ec4b27694f021f62279a
- SHA256: f3c332a22d309ce984a097db89d800f5d8af9fbfcec9e96076a6fea6f5fd4f7a
- SHA512: 5c8b9bf106aedd69d578cd758c83190ae9cb366646eba5818371363c0cef08bc8c1ff14930083a6828f806fc527bf0dc7770309b16ec3d616219a210fc84e94e
- SSDEEP: 3072:+3aGMPpSMeTJoG6+QW5ISOOyedlfcGPEfizxsr10Zw/WO4:/GMxMJoG6JHRu5+k
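Before trusting a report's verdict for a file in hand, confirm the file is the same object the sandbox ran. The block below is an added example, not part of the report or any sandbox tooling: it checks a byte string against the four hashes listed above and parses the ssdeep signature so its block size can be compared with another sample's. The hash values are copied from the report; the bytes fed in are constructed placeholders (the real binary is not on this page), so the comparison is expected to fail for them. The ssdeep block-size rule (signatures are only comparable when block sizes are equal or differ by exactly a factor of two) is the published ssdeep behaviour, restated here.

```python
"""Verify a candidate file against the report's hashes and inspect its ssdeep signature.

Added example (not the report's or the sandbox's code). Hash values below are
copied from the report; sample inputs are constructed.
"""
import hashlib

# Hashes as listed in the report's General section.
REPORTED = {
    "md5": "2ddaf25c7e8b248d6b2f29e01b57a31f",
    "sha1": "0cc53cffa140f621a845ec4b27694f021f62279a",
    "sha256": "f3c332a22d309ce984a097db89d800f5d8af9fbfcec9e96076a6fea6f5fd4f7a",
    "sha512": (
        "5c8b9bf106aedd69d578cd758c83190ae9cb366646eba5818371363c0cef08bc"
        "8c1ff14930083a6828f806fc527bf0dc7770309b16ec3d616219a210fc84e94e"
    ),
}
REPORTED_SSDEEP = "3072:+3aGMPpSMeTJoG6+QW5ISOOyedlfcGPEfizxsr10Zw/WO4:/GMxMJoG6JHRu5+k"


def digests(data: bytes, algs=tuple(REPORTED)) -> dict:
    """Compute the requested hashlib digests of `data` as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algs}


def verify(data: bytes, expected: dict = REPORTED) -> dict:
    """Return {alg: matched} per algorithm.

    Returning every result (rather than one bool) makes a partial match visible,
    e.g. when only an MD5 was shared and it collides or was mistyped.
    """
    got = digests(data, tuple(expected))
    return {alg: got[alg] == expected[alg].lower() for alg in expected}


def parse_ssdeep(sig: str) -> dict:
    """Split 'blocksize:hash1:hash2' and validate the parts.

    hash1 is computed with `blocksize`, hash2 with 2*blocksize. Block sizes are
    always 3 * 2**n and each hash chunk is at most 64 base64 characters.
    """
    parts = sig.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature must have three colon-separated fields")
    blocksize = int(parts[0])
    n = blocksize // 3
    if blocksize % 3 or n <= 0 or n & (n - 1):
        raise ValueError(f"{blocksize} is not a valid ssdeep block size (3 * 2**n)")
    if not parts[1] or len(parts[1]) > 64 or len(parts[2]) > 64:
        raise ValueError("ssdeep hash chunk length out of range")
    return {"blocksize": blocksize, "hash1": parts[1], "hash2": parts[2]}


def comparable(sig_a: str, sig_b: str) -> bool:
    """True if ssdeep can score these two signatures against each other.

    ssdeep only compares chunks built at the same block size: equal sizes, or
    one exactly double the other (then hash1 of the larger meets hash2 of the
    smaller). Anything else always scores 0 and is not worth submitting.
    """
    a, b = parse_ssdeep(sig_a)["blocksize"], parse_ssdeep(sig_b)["blocksize"]
    return a == b or a == 2 * b or b == 2 * a


if __name__ == "__main__":
    # Constructed placeholder bytes: not the real sample, so every hash mismatches.
    candidate = b"MZ\x90\x00 placeholder, not the actual binary"
    print(verify(candidate))
    print(parse_ssdeep(REPORTED_SSDEEP)["blocksize"])
```

Only a full match on all four digests should be treated as "same file"; an ssdeep score is a similarity hint for variant hunting, not identity.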
Static task: static1
Behavioral task: behavioral1
- Sample: f3c332a22d309ce984a097db89d800f5d8af9fbfcec9e96076a6fea6f5fd4f7a.exe
- Resource: win7-20220812-en
Malware Config
Extracted family: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: f3c332a22d309ce984a097db89d800f5d8af9fbfcec9e96076a6fea6f5fd4f7a.exe (the same file described under General)
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
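The signature list above names behaviours without showing how they surface in host telemetry. The block below is an added example, not the sandbox's detection logic and not Tofsee code: it correlates a handful of constructed Sysmon-style events (Event IDs 1, 11 and 13, plus a System log 7045 service-installed record) into the behaviour names the report uses. The event shapes, the dropped file name and the netsh/cmd command-line patterns are assumptions about how such activity commonly appears, not indicators taken from the report. The country-code registry lookup and SetThreadContext are deliberately not covered: Sysmon does not record registry reads or thread-context changes, so those need API-level monitoring of the kind a sandbox provides, and the XMRig payload is a file-content finding rather than an event pattern.

```python
"""Correlate constructed Sysmon-style events into the report's behaviour names.

Added example (not the sandbox's own rules). Event dicts are a simplified shape
with the fields a detection would need; all values are constructed.
"""

SYSTEM32 = "c:\\windows\\system32\\"
SERVICES_KEY = "hklm\\system\\currentcontrolset\\services\\"
FIREWALL_VERBS = (" set ", " add ", " delete ")  # modification, not 'show'

# Constructed sample data (placeholders, not indicators from the report).
DROPPER = r"C:\Users\analyst\Desktop\sample.exe"
DROPPED = r"C:\Windows\System32\dropped_svc.exe"

SAMPLE_EVENTS = [
    {"id": 1, "pid": 1000, "ppid": 900, "image": DROPPER, "cmdline": DROPPER},
    {"id": 11, "pid": 1000, "image": DROPPER, "target": DROPPED},
    {"id": 13, "pid": 1000, "image": DROPPER,
     "target": r"HKLM\System\CurrentControlSet\Services\dropped_svc\ImagePath",
     "details": DROPPED},
    {"id": 7045, "service": "dropped_svc", "image_path": DROPPED},
    {"id": 1, "pid": 1010, "ppid": 1000, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall set allprofiles state off"},
    {"id": 1, "pid": 1020, "ppid": 600, "image": DROPPED, "cmdline": DROPPED},
    {"id": 1, "pid": 1030, "ppid": 1000, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": f'cmd.exe /c del "{DROPPER}"'},
]


def analyze(events) -> list:
    """Return the sorted set of report-style behaviour names the events support."""
    findings = set()
    # Process image by PID, so a child's command line can be checked against its parent.
    image_of = {e["pid"]: e["image"].lower() for e in events if e["id"] == 1}

    # Pass 1: files written into System32 by a process that does not itself live there.
    dropped = set()
    for e in events:
        if e["id"] == 11:
            target = e["target"].lower()
            if target.startswith(SYSTEM32) and not e["image"].lower().startswith(SYSTEM32):
                findings.add("Drops file in System32 directory")
                dropped.add(target)

    # Pass 2: everything that depends on knowing which files were dropped.
    for e in events:
        if e["id"] == 1:
            image, cmd = e["image"].lower(), e["cmdline"].lower()
            if image in dropped:
                findings.add("Executes dropped EXE")
            if image.endswith("\\netsh.exe") and "firewall" in cmd and any(
                verb in cmd for verb in FIREWALL_VERBS
            ):
                findings.add("Modifies Windows Firewall")
            parent = image_of.get(e["ppid"])
            # Self-deletion via a child cmd.exe that deletes the parent's own image path.
            if image.endswith("\\cmd.exe") and " del " in cmd and parent and parent in cmd:
                findings.add("Deletes itself")
        elif e["id"] == 13:
            target = e["target"].lower()
            if target.startswith(SERVICES_KEY) and target.endswith("\\imagepath"):
                findings.add("Sets service image path in registry")
        elif e["id"] == 7045:
            findings.add("Creates new service(s)")
    return sorted(findings)


if __name__ == "__main__":
    for name in analyze(SAMPLE_EVENTS):
        print(name)
```

The two-pass structure matters: "Executes dropped EXE" is only meaningful once the set of dropped paths is known, and a single streaming pass would miss a drop event that arrives after the execution record in an out-of-order feed.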