General
-
Target
8843202280.zip
-
Size
139KB
-
Sample
230508-n83alscc6v
-
MD5
40e3640ea2cd1731cb3c265e1ca80c94
-
SHA1
9c90da2647d02351c90247cf9fde770096a37e0d
-
SHA256
e601e2249d2ed99e05552157a32aa73fb476f2b55bb63d10f9a3405d8269c693
-
SHA512
19993b49f291108288d6cd8bfca2f48a90e88487c7475019cc993d36e814e0aaf53a745646adc0970f03b3a13a84c23b422939094cfbcde2f3df071a951f9605
-
SSDEEP
3072:1EA+AEZqewODWcC75vdGLZA/t++hIea4TErNJy3zhWN:X+fwODWIWTh+NQ3zhWN
Static task
static1
Behavioral task
behavioral1
Sample
8bfa1accffb316ba6411badba264e55b04bbe73ec58c79e85f7e523bf1ecdc45.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
8bfa1accffb316ba6411badba264e55b04bbe73ec58c79e85f7e523bf1ecdc45.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
8bfa1accffb316ba6411badba264e55b04bbe73ec58c79e85f7e523bf1ecdc45
-
Size
232KB
-
MD5
f6254a206b59207201f38f69fb018932
-
SHA1
4109d2edf584ce7f8104410eaa02ddae1aa37117
-
SHA256
8bfa1accffb316ba6411badba264e55b04bbe73ec58c79e85f7e523bf1ecdc45
-
SHA512
bf6ab8ed99b730a364affed3f341387d82a5fed4ae052f4e897726adae2e963182083a3ba6fa52dfa6f2bd9cc9c3b92643279f46bebf931288545938da5a01b6
-
SSDEEP
3072:aIGGLok59Gt+ECvLFwyvBnlS1g/tK8MJ2LJDhzLrcSb54VIcVTuh:TLoYC+rK+ztK8MY3bIr
-
XMRig Miner payload
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-