General
Target: 328c2e026064a17552df265a9ced731f2cd2040ea302437819e4f2bccf410b2d.exe
Size: 185KB
Sample: 221203-gzedvsbd36
MD5: e116b192ea993d3f4f287b441f6ed470
SHA1: e9fed4db6ac75b1bc6988a7b48290f85fa160b46
SHA256: 328c2e026064a17552df265a9ced731f2cd2040ea302437819e4f2bccf410b2d
SHA512: ef9b5c6eb7b9c826bb0124a3bf5b12549355a4d4ca202bd3fa6c5ef147a4d0fffa3a95d7ad477bb54f4a8424dc55da2f955eb92c243a64110eb742d21c429c6d
SSDEEP: 3072:tyqMvI7N+xdHYtGMn5aSEEpLgk2QeFJpPFCMmrdEWq4mfKRw+6NEn:rM5xdHYt8qskpeFJtF9W/mf+MNE
Static task: static1
Behavioral task: behavioral1
Sample: 328c2e026064a17552df265a9ced731f2cd2040ea302437819e4f2bccf410b2d.exe
Resource: win7-20220812-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: 328c2e026064a17552df265a9ced731f2cd2040ea302437819e4f2bccf410b2d.exe
Size: 185KB
MD5: e116b192ea993d3f4f287b441f6ed470
SHA1: e9fed4db6ac75b1bc6988a7b48290f85fa160b46
SHA256: 328c2e026064a17552df265a9ced731f2cd2040ea302437819e4f2bccf410b2d
SHA512: ef9b5c6eb7b9c826bb0124a3bf5b12549355a4d4ca202bd3fa6c5ef147a4d0fffa3a95d7ad477bb54f4a8424dc55da2f955eb92c243a64110eb742d21c429c6d
SSDEEP: 3072:tyqMvI7N+xdHYtGMn5aSEEpLgk2QeFJpPFCMmrdEWq4mfKRw+6NEn:rM5xdHYt8qskpeFJtF9W/mf+MNE

Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext