General
Target: 33dbfe82ab8f840bc7de23a02d6c7c08e98ca5e21d9bf1e53499baf3c3a1394e.exe
Size: 184KB
Sample: 221203-hlxtqadc49
MD5: edbbbe07f8126eead83d073a73ab0da2
SHA1: 760c5e661efcfac013e0147263f80c2f2bf8be38
SHA256: 33dbfe82ab8f840bc7de23a02d6c7c08e98ca5e21d9bf1e53499baf3c3a1394e
SHA512: fefe77cd0cdfc3952534bff4600758495c383bad07fa8415cbbd27a13fa1be7c915dcf505580a5b69ef5304335aadaf8c2573782fde154f152c8a0a2d688270d
SSDEEP: 3072:j3BMNdO3Do5EvQW5KicTuIFhNZbPdRFZw/mW8Kewj:1Mio5EGBuIFhNZbV5JKt
Static task: static1
Behavioral task: behavioral1
Sample: 33dbfe82ab8f840bc7de23a02d6c7c08e98ca5e21d9bf1e53499baf3c3a1394e.exe
Resource: win7-20221111-en

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: 33dbfe82ab8f840bc7de23a02d6c7c08e98ca5e21d9bf1e53499baf3c3a1394e.exe
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext