General
- Target: b892a8227db787a523706138dd91bc6f1b73551bd9c74e00c76708e3a6fdd73b.exe
- Size: 191KB
- Sample: 221203-lafb3sab52
- MD5: 28f298353029b619ba846b7612bae824
- SHA1: 9bf697b49990f3611c8ea3b8aa4a3878d75a49f8
- SHA256: b892a8227db787a523706138dd91bc6f1b73551bd9c74e00c76708e3a6fdd73b
- SHA512: b2bee4be65e8f97106f10a0bc1bf7972f324243c84eeab3fd57c38f622fd7a73c02696c66f5e4628d3f1c87350d71490a8eeeea3bc163175c0050bdb495adb04
- SSDEEP: 3072:TqbrZcEdN0DEIJ5+Z8NQmNOYg4qQLMYPFQUDA1plRs9E3AZxpR/n6H:Ta70DEr8dNOYg1A9DAH0vpt2
Static task: static1
Behavioral task: behavioral1
- Sample: b892a8227db787a523706138dd91bc6f1b73551bd9c74e00c76708e3a6fdd73b.exe
- Resource: win7-20220901-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext