General
- Target: 531c2ef448a0a783616805d90baa648e.exe
- Size: 233KB
- Sample: 230526-jjnnpsfa3v
- MD5: 531c2ef448a0a783616805d90baa648e
- SHA1: 930ac8c50ef9b89cfb090925a6606ed38e16f3f4
- SHA256: bdb1300eaa48c72e69b79d88bc6c877d26fd770fbd3a95c7684ecca4795e7b53
- SHA512: 07d92e128846b552ef3694f1a3c085c97564439429a485ae5555d073197df7a68827fd5a84447ee8f81d06d6d861faa68601c763bd3c9fb048e100e2f16e74f6
- SSDEEP: 3072:8kIlnYvQUkT2ynW7pWoxOxT+DmhtfNlc07j7AoxQTdVWfWS2X9Zo/D:T+wsMxO9+DwNq07n7QTjWfWNLo7
Static task: static1
Behavioral task: behavioral1
- Sample: 531c2ef448a0a783616805d90baa648e.exe
- Resource: win7-20230220-en
Malware Config
- Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: 531c2ef448a0a783616805d90baa648e.exe
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext