General
Target: file
Size: 299 KB
Sample: 230207-cfccyaha43
MD5: 04a4fa24bcb580aaa580052197e69c2e
SHA1: 9810676d6ec3a5ac4e4e89eee9dda78f4cb92345
SHA256: 543e37e50d79fd6ea207873f7fbef74be63556d437d8aa7ad19ab8216f805793
SHA512: 9f20f42dfded9a292bc5a7225f444082f51aa2de9ab8c18cfe8112ddfd3bf541a29541429530588d691ca4364ab3165306c34a589b5cd93b58a59c1d976e21ae
SSDEEP: 6144:iTI08LeS30u0iHpKibRwAVwJDuQj9dkfaL:isNawHpdbfwDljjw
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220901-en
Malware Config
Extracted configuration
Family: tofsee
C2: svartalfheim.top, jotunheim.name
Targets
Target: file
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext (the API that rewrites a suspended thread's context, a common step in process hollowing)
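The signature list above and the extracted C2 domains are the reusable output of this report. The following is an added example written for this page (not code from the sandbox, the report, Tofsee or XMRig) that expresses those behaviours as detection rules and runs them over constructed Sysmon-style telemetry. Only the two C2 domains and the SHA256 come from the report; the event schema, the dropped-file path, the service name and every command line in EVENTS are assumptions chosen to exercise each rule, and the registry and System32 paths are general Windows locations rather than anything the report states.

```python
"""Rule-based triage of sandbox telemetry against the report's signature list.

Added example, not part of the original report. Telemetry below is constructed.
"""
import re
from dataclasses import dataclass

# From the report: extracted tofsee configuration and the sample's SHA256.
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}
SAMPLE_SHA256 = "543e37e50d79fd6ea207873f7fbef74be63556d437d8aa7ad19ab8216f805793"

# Well-known Windows locations the rules key on (general facts, lower-cased for matching).
GEO_NATION_SUFFIX = "\\control panel\\international\\geo\\nation"  # read by GetUserGeoID
SERVICES_PREFIX = "hklm\\system\\currentcontrolset\\services\\"
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


@dataclass
class Event:
    """One telemetry record. The field layout is an assumption, loosely Sysmon-like."""
    kind: str          # registry_query | registry_set | file_create | service_install |
                       # process_create | api_call | dns_query
    image: str         # process that performed the action
    target: str = ""   # registry path, file path, child image, API name, service or domain
    detail: str = ""   # value data, command line, or target process of an API call


# Constructed telemetry for a hypothetical run of the sample. Paths and names are invented.
SAMPLE = r"C:\Users\user\Desktop\file.exe"
DROPPED = r"C:\Windows\System32\svchelper\svchelper.exe"
EVENTS = [
    Event("registry_query", SAMPLE, r"HKCU\Control Panel\International\Geo\Nation"),
    Event("file_create", SAMPLE, DROPPED),
    Event("registry_set", SAMPLE, r"HKLM\SYSTEM\CurrentControlSet\Services\svchelper\ImagePath", DROPPED),
    Event("service_install", r"C:\Windows\System32\services.exe", "svchelper", DROPPED),  # like event ID 7045
    Event("process_create", SAMPLE, r"C:\Windows\System32\cmd.exe",
          'cmd /C netsh advfirewall firewall add rule name="helper" dir=in action=allow program="' + DROPPED + '"'),
    Event("process_create", SAMPLE, DROPPED, DROPPED),
    Event("api_call", DROPPED, "SetThreadContext", r"C:\Windows\System32\svchost.exe"),
    Event("dns_query", DROPPED, "svartalfheim.top"),
    Event("dns_query", DROPPED, "www.msftncsi.com"),  # benign connectivity probe, must not fire
    Event("process_create", SAMPLE, r"C:\Windows\System32\cmd.exe", 'cmd /C del "' + SAMPLE + '"'),
]


def _lc(s: str) -> str:
    return s.lower()


# Rules that need only a single event. Names mirror the report's signatures.
PER_EVENT_RULES = {
    "Checks computer location settings":
        lambda e: e.kind == "registry_query" and _lc(e.target).endswith(GEO_NATION_SUFFIX),
    "Sets service image path in registry":
        lambda e: e.kind == "registry_set" and _lc(e.target).startswith(SERVICES_PREFIX)
        and _lc(e.target).endswith("\\imagepath"),
    "Creates new service(s)":
        lambda e: e.kind == "service_install",
    "Modifies Windows Firewall":
        lambda e: e.kind == "process_create"
        and re.search(r"\bnetsh\b.*\b(advfirewall|firewall)\b", e.detail, re.I) is not None,
    "Drops file in System32 directory":
        lambda e: e.kind == "file_create" and _lc(e.target).startswith(SYSTEM32_PREFIX),
    "Suspicious use of SetThreadContext":
        lambda e: e.kind == "api_call" and e.target == "SetThreadContext",
    "Contacts extracted C2 domain":
        lambda e: e.kind == "dns_query" and _lc(e.target).rstrip(".") in C2_DOMAINS,
}


def triage(events):
    """Return {signature name: [indices of matching events]} for every rule that fires."""
    hits = {}
    for i, e in enumerate(events):
        for name, rule in PER_EVENT_RULES.items():
            if rule(e):
                hits.setdefault(name, []).append(i)
    # Correlated rules: they relate one event to another in the same run.
    dropped = {_lc(e.target) for e in events if e.kind == "file_create"}
    for i, e in enumerate(events):
        if e.kind == "process_create" and _lc(e.target) in dropped:
            hits.setdefault("Executes dropped EXE", []).append(i)
        # A child process whose command line deletes the parent's own image.
        if e.kind == "process_create" and re.search(r"\bdel\b", e.detail, re.I) \
                and _lc(e.image) in _lc(e.detail):
            hits.setdefault("Deletes itself", []).append(i)
    return hits


if __name__ == "__main__":
    print(f"sample sha256: {SAMPLE_SHA256}")
    for name, idx in triage(EVENTS).items():
        print(f"{name}: events {idx}")
```

The benign DNS query and the non-service registry paths are there to show what the rules must not match; on real telemetry the same rules should be combined with parent-process and timing context before they are treated as a verdict, since service installs and netsh calls also occur in legitimate software installs.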