General
Target: file.exe
Size: 299KB
Sample: 230206-wr2azsfb99
MD5: d85ac9e4a318a111a633603b59a678e1
SHA1: ba5a2ce4a943803ad266ab79920e51ac1376f572
SHA256: 1c72c9334aabb179971f5b154fbc75245add5765a6f8cc2648df5b6248698623
SHA512: da08eafc66990a1fb891db71a8c2a26553297c6a8b423ce6976b2893840f73d4c79365afddbd9af9d80cdf981b2da56b8323226c9a7d743bc090fee1048d09a4
SSDEEP: 3072:CoXb6bh/LvtDRGXjO8GLQiYkSX5DB6gkrIGk0QuQjiMTE5hoa1M:CaC/LFgXj7GNBSVB6gwjQuQj9ha
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en
Malware Config
Extracted family: tofsee
C2: svartalfheim.top
C2: jotunheim.name
Targets
Target: file.exe
Size: 299KB
MD5: d85ac9e4a318a111a633603b59a678e1
SHA1: ba5a2ce4a943803ad266ab79920e51ac1376f572
SHA256: 1c72c9334aabb179971f5b154fbc75245add5765a6f8cc2648df5b6248698623
SHA512: da08eafc66990a1fb891db71a8c2a26553297c6a8b423ce6976b2893840f73d4c79365afddbd9af9d80cdf981b2da56b8323226c9a7d743bc090fee1048d09a4
SSDEEP: 3072:CoXb6bh/LvtDRGXjO8GLQiYkSX5DB6gkrIGk0QuQjiMTE5hoa1M:CaC/LFgXj7GNBSVB6gwjQuQj9ha
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext