General
-
Target
file.exe
-
Size
321KB
-
Sample
230206-ttnfsseg93
-
MD5
79c6ee0d6fd3628d6fce1d88cd84be8a
-
SHA1
bce2ff105ad1f4a572ffd3c3447b175f7a7b25c5
-
SHA256
31c7bc56ea8f6e485f1fa6db8e172f148603e9f16da5514fc788e88dbbb1b9c7
-
SHA512
43c32d7617c5583ad693e362154ea1a15ddc4b337764d7966e88ae96ae6f8daee82feea65c5d32929a672caa114d3d4cfc569061d91b806b626e8cbfc628d11e
-
SSDEEP
6144:NILrgS0Yx4gqxijowKofP2uQj9xRwaM5:NIPgU4gqxSKoX2ljGD
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
file.exe
-
Size
321KB
-
MD5
79c6ee0d6fd3628d6fce1d88cd84be8a
-
SHA1
bce2ff105ad1f4a572ffd3c3447b175f7a7b25c5
-
SHA256
31c7bc56ea8f6e485f1fa6db8e172f148603e9f16da5514fc788e88dbbb1b9c7
-
SHA512
43c32d7617c5583ad693e362154ea1a15ddc4b337764d7966e88ae96ae6f8daee82feea65c5d32929a672caa114d3d4cfc569061d91b806b626e8cbfc628d11e
-
SSDEEP
6144:NILrgS0Yx4gqxijowKofP2uQj9xRwaM5:NIPgU4gqxSKoX2ljGD
-
XMRig Miner payload
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-