General

Target: file.exe
Size: 275KB
Sample: 230528-awrrfsdf32
MD5: 2f77f1e54c07ab0c6de596e5d2f2752a
SHA1: bca1fb0b3c0dc75674e2e890b158f4d190779517
SHA256: 6cbb3fe987652c86b25b99d155e18d4880bc4d542b7d1007f1f3dc85342d8403
SHA512: f9135d7359849780ff5b0a188c97e2a1322e44755a9e166d39a06771a848429f308b77a76fb8b616fc0458ed7ae74d263d87fcac2b45cb17a7ad9ae905ef6129
SSDEEP: 3072:f/qKydBOTQx6OiPuloRN4vAHHMoPd5gG+/GvA26/:3qKy6Qx6BPueRN4oMnGCz
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20230220-en
Malware Config

Extracted family: tofsee
Extracted domains: vanaheim.cn, jotunheim.name
Targets

Target: file.exe
Size: 275KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above (same file).
Signatures

- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry (writes the ImagePath value of a service key)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext (commonly seen in process hollowing and thread hijacking)
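The indicators in this report (the four file hashes and the two domains extracted from the Tofsee config) are only useful once they are turned into a check. The following Python script is an added example, not part of the sandbox report or of any tool's code: it validates the hash strings, matches file contents against them, and flags DNS log lines that query either extracted domain or a subdomain of it. The DNS log lines and the file bytes it uses are constructed for the example and are not from the analysed sample.

```python
"""Hunt for the indicators in the report above: file hashes and Tofsee domains.

Added example, not part of the sandbox report. Sample inputs are constructed.
"""
import hashlib
import re
from pathlib import Path

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "2f77f1e54c07ab0c6de596e5d2f2752a",
    "sha1": "bca1fb0b3c0dc75674e2e890b158f4d190779517",
    "sha256": "6cbb3fe987652c86b25b99d155e18d4880bc4d542b7d1007f1f3dc85342d8403",
    "sha512": "f9135d7359849780ff5b0a188c97e2a1322e44755a9e166d39a06771a848429f"
              "308b77a76fb8b616fc0458ed7ae74d263d87fcac2b45cb17a7ad9ae905ef6129",
}
TOFSEE_DOMAINS = {"vanaheim.cn", "jotunheim.name"}

# Hex-digest lengths for each algorithm; a truncated or mistyped IOC is caught here.
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed DNS log lines (not real traffic): one benign query, one direct hit,
# one subdomain hit, and one lookalike where the domain is only a prefix.
SAMPLE_DNS_LOG = [
    "2023-05-28T10:01:02Z 10.0.0.5 query A www.example.com",
    "2023-05-28T10:01:09Z 10.0.0.5 query A vanaheim.cn",
    "2023-05-28T10:01:10Z 10.0.0.5 query A mail.jotunheim.name",
    "2023-05-28T10:02:00Z 10.0.0.7 query A jotunheim.name.evil.test",
]


def validate_hashes(hashes=SAMPLE_HASHES):
    """Return the names of indicators that are not lowercase hex of the right length.

    A copy-paste error in an IOC list silently disables the rule that uses it,
    so check the format before deploying the indicators anywhere.
    """
    bad = []
    for algo, digest in hashes.items():
        if len(digest) != EXPECTED_HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", digest):
            bad.append(algo)
    return bad


def hash_bytes(data):
    """Compute every digest listed in the report for the given bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matches_sample(data, hashes=SAMPLE_HASHES):
    """Return the algorithms whose digest of `data` equals the report's value.

    Every algorithm is compared, so an MD5-only hit (possible via collision)
    is distinguishable from a full match on SHA256/SHA512.
    """
    computed = hash_bytes(data)
    return sorted(algo for algo, digest in hashes.items() if computed[algo] == digest)


def scan_directory(root, hashes=SAMPLE_HASHES):
    """Return (path, matched_algorithms) for every file under `root` that matches."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            algos = matches_sample(path.read_bytes(), hashes)
            if algos:
                hits.append((str(path), algos))
    return hits


# Rough hostname matcher: labels separated by dots, alphabetic TLD of 2+ characters.
DOMAIN_RE = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}", re.I)


def c2_hits(log_lines, domains=TOFSEE_DOMAINS):
    """Return (line_number, indicator) for lines querying an indicator domain.

    A query matches if it equals the indicator or is a subdomain of it; a name that
    merely starts with the indicator (e.g. jotunheim.name.evil.test) does not match.
    """
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for m in DOMAIN_RE.finditer(line):
            qname = m.group(0).lower().rstrip(".")
            for d in domains:
                if qname == d or qname.endswith("." + d):
                    hits.append((lineno, d))
    return hits


if __name__ == "__main__":
    print("IOC format problems:", validate_hashes() or "none")
    print("Hits in constructed DNS log:", c2_hits(SAMPLE_DNS_LOG))
    print("Constructed bytes match sample:", matches_sample(b"MZ\x90\x00 not the sample"))
```

Point `scan_directory` at a quarantine folder to confirm whether a recovered file is the same binary analysed here; the SHA256 and SHA512 values are the ones to trust for that decision, since MD5 and SHA1 are collision-prone.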