General
- Target: file.exe
- Size: 264KB
- Sample: 230515-rjy4faeb8s
- MD5: d09b253fe63c553f18390c64fae241b2
- SHA1: 59462f514478528abce4ba8071475cd7eed4f518
- SHA256: 6989520bc009b96f7023447c961deb13cf6f5fa915c8e72ec05e14a1ef00ba7c
- SHA512: 315ba07bbd61fe27533fcb2657ff7cc4b8b7d1bf090377f815fe2dddb8029875c746ab540261f0d3ad411f0193703b4d2b2e1859b05ba9c5e132fb649d39108e
- SSDEEP: 3072:bp41b88SQkCni4itSJrc9WFHzO5t0e6LE483cZScA3Q3gORWz+7sLC44mKPl2yC:s5SHSJA9UHwSe6a3Rw3AmpY7MZ
Static task: static1

Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20230220-en

Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: file.exe
- Size: 264KB
- MD5: d09b253fe63c553f18390c64fae241b2
- SHA1: 59462f514478528abce4ba8071475cd7eed4f518
- SHA256: 6989520bc009b96f7023447c961deb13cf6f5fa915c8e72ec05e14a1ef00ba7c
- SHA512: 315ba07bbd61fe27533fcb2657ff7cc4b8b7d1bf090377f815fe2dddb8029875c746ab540261f0d3ad411f0193703b4d2b2e1859b05ba9c5e132fb649d39108e
- SSDEEP: 3072:bp41b88SQkCni4itSJrc9WFHzO5t0e6LE483cZScA3Q3gORWz+7sLC44mKPl2yC:s5SHSJA9UHwSe6a3Rw3AmpY7MZ

Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext