General
- Target: file.exe
- Size: 260KB
- Sample: 230327-p476qsde32
- MD5: 27a71ca98bf0136e20b7e7a20a59882e
- SHA1: 06094ebd972ad233e649350872eda88b29cbffd7
- SHA256: 6658d9ff2c6f57b948f1a4f0b66ee5bc19246f32102e60fe6503b3127e7041c3
- SHA512: 1ef06faf3186ee15c75d950a4521bc79f4a5ac07aa6fceb83500392d1f5c1fc125ab663b50173076b4429c104c0d0c2b0c454e3ee62a1817f61e5d019ec97b0d
- SSDEEP: 3072:nZ1JP7IfDzrsBrxknL2H0ZYlDJ1iAX6euVG4zE8E1m8L4QQXRb/YRj5WzXv:nJDIQBVknLM0Z2DJ1zk8481P4QQXx

Static task: static1

Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20230220-en

Malware Config
Extracted
- tofsee
- vanaheim.cn
- jotunheim.name

Targets
- Target: file.exe
- Size: 260KB
- MD5: 27a71ca98bf0136e20b7e7a20a59882e
- SHA1: 06094ebd972ad233e649350872eda88b29cbffd7
- SHA256: 6658d9ff2c6f57b948f1a4f0b66ee5bc19246f32102e60fe6503b3127e7041c3
- SHA512: 1ef06faf3186ee15c75d950a4521bc79f4a5ac07aa6fceb83500392d1f5c1fc125ab663b50173076b4429c104c0d0c2b0c454e3ee62a1817f61e5d019ec97b0d
- SSDEEP: 3072:nZ1JP7IfDzrsBrxknL2H0ZYlDJ1iAX6euVG4zE8E1m8L4QQXRb/YRj5WzXv:nJDIQBVknLM0Z2DJ1zk8481P4QQXx

- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext