General
- Target: file.exe
- Size: 299KB
- Sample: 230207-bncs1agh32
- MD5: 1c5c5fcbb9411738d3e6945a538522c9
- SHA1: e9f3e00bb4f5a3035481d05d7429c825bd16ab7b
- SHA256: 8009c5bc8df7fb418791fe8ec56e58ee257ef1dcddbe47a8dfe180b6fee3b390
- SHA512: e580b9531d14e3fe0264559d70f43b7d8a8a77ab32b52d3d5e919b96871af264b4886e55752e9feefa352746846ea1310cb5ef49cd3a81643b822e8d70878947
- SSDEEP: 3072:3zb6bLKLLCeRmSULtjK0h13Di9+6QtXxp+q0rsL4spqIuQjiMTE5JOPa5H:j0KLLCdSuR1zis6QtXxYTN+qIuQj9ja
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- Target: file.exe
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext