General
Target: e9de43f24d8b6f5be55ef6971d3d14e5.bin
Size: 141KB
Sample: 230517-b812bsdd52
MD5: 4f585f5fab7ce41552b6da19d5622f8d
SHA1: 5aac9891daff26543ff355dd679f0f2a8d3f67a9
SHA256: ee168e1e121e68d3365469578e75aea24bcdc6e024d1c10edafe9559ee366190
SHA512: d8a2700b5195f2082700e91dce382edd91a338ffe42e13289ab420252f312e5b5030e704d7873bf214c0a1f62c9017345cdc092d387eb03b0a0987313b9e2308
SSDEEP: 3072:BqRsq0BsoJyTrVkzUuhxn7OvpvOs3bPerFy4hwI:I7oJyTrVkIuhxCZOs37K42wI
Static task: static1
Behavioral task: behavioral1
Sample: 02ada88638528eb89e67ce30a88ca8a58efab167c389ffd893641459bc64666f.exe
Resource: win7-20230220-en

Malware Config
Extracted: tofsee
  vanaheim.cn
  jotunheim.name
Targets
Target: 02ada88638528eb89e67ce30a88ca8a58efab167c389ffd893641459bc64666f.exe
Size: 234KB
MD5: e9de43f24d8b6f5be55ef6971d3d14e5
SHA1: ca701f416d520ed37a6b5103dc8358a53c896410
SHA256: 02ada88638528eb89e67ce30a88ca8a58efab167c389ffd893641459bc64666f
SHA512: 2ccddd5bda9366a0bd39fa2334ee27f4220816d69569d6d6f064e43ebe5e26c01fa17cfee17197c2e2151501b874ef1d88503a1e4ba40ca36f45e3c062ccdeba
SSDEEP: 3072:jVPQzmAd7g0wS/+NvCTrKxdOZIyp+Uq3urvbWUWNiHvv5+kQ54A5W4OCNZ:aBOSearQdN7KoOv8i6Z

- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext