General
- Target: file.exe
- Size: 250KB
- Sample: 230327-sww1aagb5x
- MD5: 6263d643c0d58b6c2a93a84b52305cab
- SHA1: e7170cb232b503e0f4e855cd971a4fb85b7fad01
- SHA256: e3b2d5d28090159d5f3e1587633085ece2fc54a369f2685252909f1bbb28cc3a
- SHA512: 1c2ce485cd07663f3e60a22a9e9124f0d7029ed41909bd1cc455a4f05a40d73f850a2554e405276e203ed362bb995ae5781b51fb21faa1e86069936c741ee64c
- SSDEEP: 3072:f15ld/jSIFzGdkYLYtKy+UUOrD+tVVe71rOFqdbRzSAvX0pj4yMvfj5qvEPbX:dLdDz+kYLgKbUpro81OFqLvqj4yMAvE
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext