General
-
Target
352f91e0ea977a70741e8c9dc6bd391aa99e91d86d91920fa4ebe4608b76d6a0
-
Size
230KB
-
Sample
221227-ewdxtaec45
-
MD5
c131e4131922ac7146480fa219a4dc89
-
SHA1
890120aab795b127032bc04f92350d43ef3bf107
-
SHA256
352f91e0ea977a70741e8c9dc6bd391aa99e91d86d91920fa4ebe4608b76d6a0
-
SHA512
c29555cd6ab3949f14ed8d3928bdf98e2abf13fa93917f5f4d0cbdc9be19f3ad8edd26ff9e309d3fb36029760a2b1fe1f8794e98867604a41eccd7355975b0aa
-
SSDEEP
3072:rJTxML085/KXKNPAWhF+YTed9zSMWPtYKs/xAI9h:AL0CKELhYYK7W1YDZ
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
352f91e0ea977a70741e8c9dc6bd391aa99e91d86d91920fa4ebe4608b76d6a0
-
Size
230KB
-
MD5
c131e4131922ac7146480fa219a4dc89
-
SHA1
890120aab795b127032bc04f92350d43ef3bf107
-
SHA256
352f91e0ea977a70741e8c9dc6bd391aa99e91d86d91920fa4ebe4608b76d6a0
-
SHA512
c29555cd6ab3949f14ed8d3928bdf98e2abf13fa93917f5f4d0cbdc9be19f3ad8edd26ff9e309d3fb36029760a2b1fe1f8794e98867604a41eccd7355975b0aa
-
SSDEEP
3072:rJTxML085/KXKNPAWhF+YTed9zSMWPtYKs/xAI9h:AL0CKELhYYK7W1YDZ
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-