General
- Target: file.exe
- Size: 321KB
- Sample: 230206-sfl55see56
- MD5: 2f14b44502bac1a189183ac0b94374c9
- SHA1: ea2e058c7358ae74614e921deea811e574190261
- SHA256: 013cdab5709380b9864ffdcdbef544167f59de3e309b6aefdd7b6ce642ba80a8
- SHA512: 0e63ebf899833ff4bc3047c4a797e10c0677ca1d25813cf1f087e4721461b239f0ce23328a0a26e9a5878195d41551bb6d7a0dea1f83809b778ca0333b3a315b
- SSDEEP: 3072:2dz+3bLnqTBtYvRKsJw8BPgqXqcLU5Xn6z5xzvv9NjHC1//+sxA7r25qMV+v3:s8LstY8sJ/b9L8Ut9HClRkSi
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220812-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: file.exe
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext