General
- Target: file.exe
- Size: 300KB
- Sample: 230207-ak2saage98
- MD5: fe041a63df2b9558f2247cb6f07f97bf
- SHA1: b772f20c7ea8d3655e64717bdc82cbd669d7ef65
- SHA256: 585707b6537eb783c58cde2b84c84a7741eb129b885aba9ff7822c2345f39362
- SHA512: c86151847fc94b2b4bb4b6cfd0aecb78228afd34b2ec3003fa14dcb7d9259ea282e6677e08648f9fd93d273b2cad27742d0da0fd684268fc636ca5b64b609656
- SSDEEP: 3072:8Lb6bfTL45RmziYvPtd7Sj4yprPD0uQjiMTE59W2Hva5D:4QTL4+Oy7orIuQj9UHva
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: file.exe
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext