General

Target: file.exe
Size: 265KB
Sample: 230327-1q2ycahd8s
MD5: cd8743aa91752e2e02571b2fe3a1c27b
SHA1: 3ba45028288170cfa3f137f5ce8924f0fbf6d36f
SHA256: e3c7793b26883da4922c5bc91a769b0c1345badc04c967e5f89177aaf8364ea7
SHA512: 903cf7987825b983fcb7b87ef2900c61dbb5e92ded53191839be2ddf68cf09849fdd7399ae10766d9e5d1f5aa89dd1d4e32f6024e96bd7dac3645c5939017274
SSDEEP: 3072:FzSyRHyNFTsVxLZfLOAFGCluuTqoJUR1d5rFIjRu4xDYFLdBL5kMpDCU3wsUf2:9P5yNmVxLt4KmoaR1d5ralfxDYRSMp
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20230220-en

Malware Config

Extracted family: tofsee
Domains: vanaheim.cn, jotunheim.name
Targets

Target: file.exe
Size: 265KB
Signatures:

- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
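The signature list above is what a sandbox sees; the same behaviour can be hunted for in endpoint telemetry. The following is an added example, not code from the sandbox or from this report, that turns the report's indicators (the SHA256 and the two domains from the extracted Tofsee config) and its registry, firewall, file and DNS signatures into simple matching rules and runs them over a constructed Sysmon-style event stream. The event dict layout, the service name "exsvc" and all file paths are assumptions made for the example. The "XMRig Miner payload" and "Suspicious use of SetThreadContext" signatures are not modelled because they need memory or API-level inspection rather than log events.

```python
"""Hunting rules for the behaviour this report lists, run over a constructed
Sysmon-style event stream.  Added example, not code from the sandbox or report."""
import re

# Indicators taken from the report: the sample's SHA256 and the two domains
# recovered from the extracted Tofsee configuration.
SAMPLE_SHA256 = "e3c7793b26883da4922c5bc91a769b0c1345badc04c967e5f89177aaf8364ea7"
TOFSEE_DOMAINS = {"vanaheim.cn", "jotunheim.name"}

# Registry locations behind two of the signatures.  Services\<name>\ImagePath
# is the binary the Service Control Manager launches; Control Panel\
# International\Geo\Nation holds the configured country/region ID.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\(?:Nation|Name)$", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\Windows\\System32\\", re.I)
FIREWALL_CMD = re.compile(r"\bnetsh(?:\.exe)?\b.*\badvfirewall\b.*\b(?:add rule|set \w+)", re.I)


def hunt(events):
    """Return {signature: [event index, ...]} for every signature that fires.

    Events are dicts; the 'type' and field names are an assumption made for
    this example, not a real Sysmon schema.  State is kept across events so
    that "executes dropped exe" only fires for a binary written earlier."""
    hits = {}
    dropped = set()  # lower-cased paths of files written during the trace

    def add(sig, idx):
        hits.setdefault(sig, []).append(idx)

    for idx, ev in enumerate(events):
        kind = ev["type"]
        if kind == "process_create":
            if ev.get("sha256", "").lower() == SAMPLE_SHA256:
                add("known sample executed", idx)
            if FIREWALL_CMD.search(ev.get("cmdline", "")):
                add("modifies windows firewall", idx)
            if ev["image"].lower() in dropped:
                add("executes dropped exe", idx)
        elif kind == "file_create":
            target = ev["target"].lower()
            dropped.add(target)
            if SYSTEM32.match(target):
                add("drops file in system32 directory", idx)
        elif kind == "file_delete":
            # Simplification: a process deleting its own image file.  Real
            # self-deletion often goes through a cmd.exe /c del helper.
            if ev["target"].lower() == ev["image"].lower():
                add("deletes itself", idx)
        elif kind == "service_install":  # System log event ID 7045 equivalent
            add("creates new service(s)", idx)
        elif kind == "registry_set":
            if SERVICE_IMAGEPATH.match(ev["key"]):
                add("sets service image path in registry", idx)
        elif kind == "registry_query":
            if GEO_KEY.search(ev["key"]):
                add("checks computer location settings", idx)
        elif kind == "dns_query":
            if ev["query"].lower().rstrip(".") in TOFSEE_DOMAINS:
                add("tofsee domain lookup", idx)
    return hits


# Constructed trace mirroring the report's signature list.  The service name
# "exsvc" and every path are hypothetical; only the hash and domains are real.
SAMPLE = r"C:\Users\user\Desktop\file.exe"
SVC_EXE = r"C:\Windows\System32\exsvc.exe"
SAMPLE_EVENTS = [
    {"type": "process_create", "image": SAMPLE, "cmdline": SAMPLE, "sha256": SAMPLE_SHA256},
    {"type": "registry_query", "image": SAMPLE, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_create", "image": SAMPLE, "target": SVC_EXE},
    {"type": "service_install", "name": "exsvc", "image_path": SVC_EXE},
    {"type": "registry_set", "image": SAMPLE,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\exsvc\ImagePath", "value": SVC_EXE},
    {"type": "process_create", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": f'netsh advfirewall firewall add rule name="exsvc" dir=in action=allow program="{SVC_EXE}"'},
    {"type": "process_create", "image": SVC_EXE, "cmdline": SVC_EXE},
    {"type": "dns_query", "image": SVC_EXE, "query": "vanaheim.cn"},
    {"type": "file_delete", "image": SAMPLE, "target": SAMPLE},
    # Benign noise that must stay silent.
    {"type": "process_create", "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"type": "dns_query", "image": r"C:\Windows\System32\svchost.exe", "query": "example.com"},
]

if __name__ == "__main__":
    for sig, where in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{sig:40s} events {where}")
```

Each rule on its own is noisy (netsh firewall changes and Geo\Nation reads have plenty of legitimate callers); what makes the trace worth an alert is the chain: a known hash, a new System32 binary registered as a service ImagePath, a firewall exception for that binary, the binary then resolving a domain from the extracted config, and the original dropper removing itself. Correlating hits by originating process, as the `dropped` set starts to do, is the next step in a real deployment.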