General
- Target: file.exe
- Size: 299KB
- Sample: 230206-x6pfeaag6v
- MD5: a21bdfec619934728706de4bf42f4d7c
- SHA1: d8dfcfb85ca4b68219a3329b90f400a76dc4dba8
- SHA256: 49d8d8aefa86738d67fdb9600d9150126573954f1c062a7a14c76a0d1d2539a5
- SHA512: e28798a28b7e2199c4c933452c934462d2a96a8974de947bbbbb7207f59c49001c854c3fc59fa8b4fadca120b47ed025b1a1e3016ebde5565d91cf54cb5a5b79
- SSDEEP: 6144:C9jtL3d9QwGi6eL78QYvNC4GuQj9LA9a:C9tD8w96K71cN6ljNe
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext