General
Target: 4a458d803e8e61bc4ec636056019195a.exe
Size: 238KB
Sample: 230602-h5hh5sag5x
MD5: 4a458d803e8e61bc4ec636056019195a
SHA1: 6a4023f613128a75952bf45adb305bca1cea5661
SHA256: 28a6f8d393c0459c87c8ca21d7bad4fae89514118fc35a871b2b6fd7662c571a
SHA512: b04b2af5c82416b6a510ee2fa77a878e9349b855ad47b59bd46f10b5fc8189df165ddfcd9333214c14b7ea061f9fe8515aded4e11d1837fe3744afbe2db7f7e6
SSDEEP: 3072:u+pCVP0S8pa6DuW6C1jhWrqNbBSpjI1AYm7FSaRxu3hAhjlhVcuBKy4:RbS8p8CBhzNbsKHLaR0xWhVRG
Static task: static1
Behavioral task: behavioral1
Sample: 4a458d803e8e61bc4ec636056019195a.exe
Resource: win7-20230220-en
Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
Target: 4a458d803e8e61bc4ec636056019195a.exe
Size: 238KB
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext