General
- Target: file.exe
- Size: 274KB
- Sample: 230528-2qhedagg52
- MD5: 9e8fd9b52cc7c49d4d6f4b06871d4ac3
- SHA1: f8fda1b7940328c06fc0624410683379afa0e683
- SHA256: 689468657a6a412107280d600296af39e1a25c439ad8f838d02dd0de3196bde0
- SHA512: a1b3e848f88dcc3e78946a239bf6a9bc095e1cf76944316a17ccd321f60103e4b4b60186fddec7b9161838c6566bfa466c5f45c55e96e50e69f09622d14e0de0
- SSDEEP: 3072:kEJ3SeUHEbUg295fWPlejybLCuyJAbn1EtGqxqH5Z5w9udc4JQ:pJ3Se1Ug2LWPlJLCuiAb1urMGH
Static task
- static1

Behavioral task
- behavioral1
- Sample: file.exe
- Resource: win7-20230220-en

Behavioral task
- behavioral2
- Sample: file.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: file.exe
- Size: 274KB
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext