General
Target: file.exe
Size: 298KB
Sample: 230206-w7q5ysae6y
MD5: 778ef465bb35e3be7b9d73d2c5fec1a3
SHA1: 9eb4dab3696bed45d73c473fb219ba20b033e8c8
SHA256: d124a72b02038dff86f5724a52f9ce0369a511a841b2f5fdeaa2e9809a872162
SHA512: 7537d9112c986701defcdc886aa5348d522d196a138626b05d90f40bf10a7977e4b27e97e9c8b04e65ebf574958b134e3bfc30d9a59017fbd7b9799a2557a820
SSDEEP: 3072:Cahb6b0AYLLFaRGn+mQ+MP87/XG1DCK4DFTeKi7uQjiMTE5wVarAa1w:C6bAYLxZzQlPMRK4cKi7uQj9rVarAa
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en

Malware Config
Extracted family: tofsee
C2 hosts:
- svartalfheim.top
- jotunheim.name
Targets
Target: file.exe
Size: 298KB
MD5: 778ef465bb35e3be7b9d73d2c5fec1a3
SHA1: 9eb4dab3696bed45d73c473fb219ba20b033e8c8
SHA256: d124a72b02038dff86f5724a52f9ce0369a511a841b2f5fdeaa2e9809a872162
SHA512: 7537d9112c986701defcdc886aa5348d522d196a138626b05d90f40bf10a7977e4b27e97e9c8b04e65ebf574958b134e3bfc30d9a59017fbd7b9799a2557a820
SSDEEP: 3072:Cahb6b0AYLLFaRGn+mQ+MP87/XG1DCK4DFTeKi7uQjiMTE5wVarAa1w:C6bAYLxZzQlPMRK4cKi7uQj9rVarAa

Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext