General
Target: be9ef8bbf759fa8d9ddb5cbf60890e5277b606c703db8fe2f6633152b67fcd26.exe
Size: 185KB
Sample: 221203-c35b8sbc7v
MD5: 75c87170e12fc96072edcff9d79c2195
SHA1: f840dd1d16e1b5929762126cc6e94eae3de48700
SHA256: be9ef8bbf759fa8d9ddb5cbf60890e5277b606c703db8fe2f6633152b67fcd26
SHA512: b964951a6a5b9e495f64e8855078cb763f19a7b733861bf32754efd20298ab4daeb6bcd6b0a3cffe0a68681b68912cf2e197a7e24741dbe4f957fd8ef3173177
SSDEEP: 3072:iIMtwRH0XXHQ8RjuuuMn5m0ibhaUhzyy0xUif4K2lFKRw+6ghuvmF:vMS8RjuuiJyyaUn+MB
Static task: static1
Behavioral task: behavioral1
Sample: be9ef8bbf759fa8d9ddb5cbf60890e5277b606c703db8fe2f6633152b67fcd26.exe
Resource: win7-20220812-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: be9ef8bbf759fa8d9ddb5cbf60890e5277b606c703db8fe2f6633152b67fcd26.exe
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext