General
Target: file.exe
Size: 208KB
Sample: 230601-gtq6gadd4y
MD5: b8c57b4955ba76748c635666f4418973
SHA1: 6c563d81cc495a1627e32ebab681d9212108ea7b
SHA256: 87c8503e9120f66f4abb1b0701228bd56d805f9f43336a70eec46a25474c8e6f
SHA512: 7d5819a6c9e539ef091b35c62e5372e7bc8270ae34823b8ffeaa1d5f9afa8ae47ff61979868aedcda9d13171088e8cc8d56624014f27d8f56b4bbe1ce42c5173
SSDEEP: 3072:MX6kVaGBuJBZzKEL0Eqv9K+zeWIKJNOXd5jBIfQMXq5zG:I7V38OEgEqQGJwnBqq
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20230220-en
Malware Config
Extracted: tofsee
Domains: vanaheim.cn, jotunheim.name
Targets
Target: file.exe
Size: 208KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above (same file)
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
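The following script is an added example for turning this report into something a responder can run; it is not part of the sandbox output and not the sandbox's own tooling. The hash and domain indicators are copied from the report above. Everything else is an assumption made for the demonstration: the DNS log line format, the endpoint Event schema, and the file name dropped.exe and service name exampleSvc are all constructed placeholders. The service check correlates two of the listed signatures (a file dropped into System32 that is then set as a service ImagePath) rather than matching either one alone.

```python
"""IOC and behaviour matching for the Tofsee sample in this report.

Added example; not part of the sandbox output. The hash and domain
indicators are copied from the report above. Every log line, event record
and file/service name below is constructed for the demonstration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicators taken from the report (lowercase hex, lowercase DNS names).
SAMPLE_HASHES = {
    "md5": "b8c57b4955ba76748c635666f4418973",
    "sha1": "6c563d81cc495a1627e32ebab681d9212108ea7b",
    "sha256": "87c8503e9120f66f4abb1b0701228bd56d805f9f43336a70eec46a25474c8e6f",
}
CONFIG_DOMAINS = {"vanaheim.cn", "jotunheim.name"}

_HEX = re.compile(r"^[0-9a-f]+$")


def match_hash(value: str) -> Optional[str]:
    """Return the algorithm name if value equals one of the report hashes.

    Hashes get pasted with mixed case and stray whitespace, so normalise
    before comparing; anything that is not hex can never match.
    """
    v = value.strip().lower()
    if not _HEX.match(v):
        return None
    for algo, known in SAMPLE_HASHES.items():
        if v == known:
            return algo
    return None


def match_domain(name: str) -> Optional[str]:
    """Return the config domain that name equals or is a subdomain of.

    Case and a trailing dot (as written in DNS logs) are ignored. The check
    is on a label boundary, so "notvanaheim.cn" does not match "vanaheim.cn".
    """
    n = name.strip().lower().rstrip(".")
    for dom in CONFIG_DOMAINS:
        if n == dom or n.endswith("." + dom):
            return dom
    return None


# Constructed DNS log format: "<timestamp> <client_ip> query <qname>".
_DNS_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qname>\S+)$")


def scan_dns_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client, qname, matched_domain) for each query to a config domain."""
    hits = []
    for line in lines:
        m = _DNS_LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        dom = match_domain(m["qname"])
        if dom:
            hits.append((m["client"], m["qname"], dom))
    return hits


@dataclass
class Event:
    """Minimal endpoint telemetry record (hypothetical schema, not a vendor format)."""
    kind: str       # "file_create" or "reg_set"
    path: str       # file path, or registry value path for reg_set
    data: str = ""  # registry value data for reg_set


def dropped_system32_services(events: List[Event]) -> List[Tuple[str, str]]:
    """Correlate two report signatures: a file dropped into System32 that is
    later registered as a service ImagePath. Returns (service_key, exe) pairs.
    Events are expected in chronological order; paths compare case-insensitively.
    """
    dropped = set()
    findings = []
    for ev in events:
        p = ev.path.lower()
        if ev.kind == "file_create" and p.startswith("c:\\windows\\system32\\"):
            dropped.add(p)
        elif ev.kind == "reg_set" and p.endswith("\\imagepath"):
            d = ev.data.strip()
            # ImagePath may carry arguments; isolate the executable, quoted or not.
            exe = d[1:].split('"', 1)[0] if d.startswith('"') else d.split(" ", 1)[0]
            if exe.lower() in dropped:
                findings.append((ev.path.rsplit("\\", 1)[0], exe))
    return findings


# Constructed demo inputs; "dropped.exe" and "exampleSvc" are placeholder names.
DEMO_DNS = [
    "2023-06-01T10:00:00Z 10.0.0.5 query VANAHEIM.CN.",
    "2023-06-01T10:00:01Z 10.0.0.5 query update.jotunheim.name",
    "2023-06-01T10:00:02Z 10.0.0.7 query notvanaheim.cn",
    "this line is malformed",
]
DEMO_EVENTS = [
    Event("file_create", r"C:\Windows\System32\dropped.exe"),
    Event("reg_set", r"HKLM\SYSTEM\CurrentControlSet\Services\exampleSvc\ImagePath",
          r'"C:\Windows\System32\dropped.exe" -svc'),
    Event("reg_set", r"HKLM\SYSTEM\CurrentControlSet\Services\other\ImagePath",
          r"C:\Windows\System32\svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    print("hash:", match_hash("B8C57B4955BA76748C635666F4418973 "))
    print("dns hits:", scan_dns_log(DEMO_DNS))
    print("services:", dropped_system32_services(DEMO_EVENTS))
```

The domain check deliberately tests on a label boundary rather than a plain endswith(), and the ImagePath parser handles both quoted and unquoted values, since a quoted path with arguments is exactly what a hand-written endswith or split would mishandle. The SHA512 and SSDEEP values are left out of the hash table on purpose: SSDEEP needs a fuzzy comparison, not equality, and SHA512 adds nothing once SHA256 matches.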