General
- Target: file.exe
- Size: 299KB
- Sample: 230207-bbg7ysgg48
- MD5: 389e0bbeb62bafda651f89609f6155f1
- SHA1: d1a66088ee38a570160c43f294b1e21129a55d0a
- SHA256: 2f459f27c19518f315b8233ab7af6fdcd04c7c886d11a3117a23e9e28c532e2c
- SHA512: ce6f0b55206251d60acd2023f8c363cd07f4840e726e5d245bc765ac6a6ea83da2fe1bf8709ddb81d0baedf94997f584347406100eeb6b8b0752d775508ac0b6
- SSDEEP: 3072:5nb6blhL62RmhK3XIOAtjtVcT00ppPaO5M4seFd/XFuQjiMTE5jptoia5D:FWhL6l82Be3/5M4scNuQj986ia
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample file.exe, resource win7-20221111-en)
- Behavioral task: behavioral2 (sample file.exe, resource win10v2004-20220812-en)
Malware Config (extracted)
- Family: tofsee
- C2 domains: svartalfheim.top, jotunheim.name
Targets
- Target: file.exe, 299KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
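The indicators in this report (the file hashes and the two Tofsee C2 domains) and the service-related signatures (new service created, image path written into the registry, file dropped in System32) can be turned directly into hunting logic. The script below is an added example and is not part of the sandbox report or the sandbox vendor's tooling. The IOC values are copied from the report; the DNS log line format, the registry-event field names (loosely modelled on Sysmon Event ID 13: Image, TargetObject, Details) and every sample record are constructed here for illustration.

```python
"""Hunt for the report's IOCs in DNS logs and registry-write telemetry (added example)."""
import hashlib
import re

# Indicators copied from the sandbox report above.
IOC_MD5 = "389e0bbeb62bafda651f89609f6155f1"
IOC_SHA256 = "2f459f27c19518f315b8233ab7af6fdcd04c7c886d11a3117a23e9e28c532e2c"
IOC_C2_DOMAINS = ("svartalfheim.top", "jotunheim.name")


def file_hash_matches(data: bytes) -> dict:
    """Compare a candidate file's MD5/SHA256 with the report's hashes."""
    return {
        "md5": hashlib.md5(data).hexdigest() == IOC_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == IOC_SHA256,
    }


def matched_c2_domain(qname: str):
    """Return the IOC domain that qname equals or is a subdomain of, else None.

    The label boundary check ("." + dom) avoids matching look-alikes such as
    notsvartalfheim.top, which merely end with the same characters.
    """
    name = qname.lower().rstrip(".")
    for dom in IOC_C2_DOMAINS:
        if name == dom or name.endswith("." + dom):
            return dom
    return None


# Constructed DNS log format (assumption): "<timestamp> <client-ip> <qtype> <qname>"
DNS_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(A|AAAA|TXT|MX)\s+(\S+)$")


def dns_hits(lines):
    """Return (timestamp, client, qname, ioc_domain) for every query touching a C2 domain."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ts, client, _qtype, qname = m.groups()
        dom = matched_c2_domain(qname)
        if dom:
            hits.append((ts, client, qname.rstrip("."), dom))
    return hits


# Registry paths of the form HKLM\SYSTEM\<ControlSet>\Services\<name>\ImagePath
SERVICE_IMAGE_PATH = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet00\d)\\Services\\([^\\]+)\\ImagePath$",
    re.IGNORECASE,
)


def suspicious_service_image_paths(events):
    """Flag ImagePath values that point into System32 but were written by a
    process other than services.exe. A legitimate CreateService call is
    committed to the registry by the SCM (services.exe); a direct write from
    some other image is the pattern behind the report's "Sets service image
    path in registry" and "Drops file in System32 directory" signatures."""
    out = []
    for ev in events:
        m = SERVICE_IMAGE_PATH.match(ev["TargetObject"])
        if not m:
            continue
        writer = ev["Image"].lower().rsplit("\\", 1)[-1]
        if writer != "services.exe" and "\\windows\\system32\\" in ev["Details"].lower():
            out.append((m.group(1), ev["Image"], ev["Details"]))
    return out


# Constructed sample telemetry (not captured from the sample).
SAMPLE_DNS = [
    "2023-02-07T10:11:12Z 10.0.0.5 A www.example.com.",
    "2023-02-07T10:11:13Z 10.0.0.5 A jotunheim.name.",
    "2023-02-07T10:11:14Z 10.0.0.9 A cdn.svartalfheim.top",
    "2023-02-07T10:11:15Z 10.0.0.9 A notsvartalfheim.top",
]
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\ImagePath",
     "Details": r"C:\Windows\System32\spoolsv.exe"},
    {"Image": r"C:\Users\victim\AppData\Local\Temp\file.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\xyz\ImagePath",
     "Details": r"C:\Windows\System32\abcd.exe"},
]

if __name__ == "__main__":
    for hit in dns_hits(SAMPLE_DNS):
        print("DNS hit:", hit)
    for hit in suspicious_service_image_paths(SAMPLE_EVENTS):
        print("Service ImagePath written directly:", hit)
    print("hash match on constructed bytes:", file_hash_matches(b"not the sample"))
```

Run against the constructed records, the DNS matcher reports the direct lookup of jotunheim.name and the subdomain cdn.svartalfheim.top but not the look-alike, and the registry check flags only the ImagePath written by the Temp-directory executable. Because the report's static indicators (hashes, SSDEEP) are trivially changed between builds, the domain and behavioural checks are the more durable part to deploy.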