General
-
Target
file.exe
-
Size
274KB
-
Sample
230530-kr6d6agf29
-
MD5
dbbb946f4228bd42954f0fc37607d9e9
-
SHA1
613aca1b293843322b08583d969d5611e859fd75
-
SHA256
33131cdcd5d945bb411d7f74e019c16609a9690638bf040b975ae099e6643f63
-
SHA512
00031955c563ac6546bb38e4e05b2365cbd9564774a5b993674fe01dc82bfd68da5c37bcc6f8d3e07301e47dea1512f85bbe1b2512f866eaa9c0046df50b9c58
-
SSDEEP
3072:13cVvOWyaFDk3pCz6wIHwEP89c9mNNkRXF/AYLf2VsNO5Jn1DA4zkzPa5M:RcJOWHk3I6wilENNkF7QpSPa5
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
file.exe
-
Size
274KB
-
MD5
dbbb946f4228bd42954f0fc37607d9e9
-
SHA1
613aca1b293843322b08583d969d5611e859fd75
-
SHA256
33131cdcd5d945bb411d7f74e019c16609a9690638bf040b975ae099e6643f63
-
SHA512
00031955c563ac6546bb38e4e05b2365cbd9564774a5b993674fe01dc82bfd68da5c37bcc6f8d3e07301e47dea1512f85bbe1b2512f866eaa9c0046df50b9c58
-
SSDEEP
3072:13cVvOWyaFDk3pCz6wIHwEP89c9mNNkRXF/AYLf2VsNO5Jn1DA4zkzPa5M:RcJOWHk3I6wilENNkF7QpSPa5
-
XMRig Miner payload
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-