General
- Target: 0a92ddabee8fc6fc69b3999f21249e4acdd592d71a6a3bba5fc8190a5751514f
- Size: 10.2MB
- Sample: 230609-mrz89acf8w
- MD5: 533c57dda4dba8ea23650d642ebbfd41
- SHA1: d11daa23ca404b163d04dade2c22d320a18fb098
- SHA256: 0a92ddabee8fc6fc69b3999f21249e4acdd592d71a6a3bba5fc8190a5751514f
- SHA512: 5198545f3395d58ac8fccbad2bd924d519dbcdce7177598828384052b6e964108a01bc1e89ace8118ff80e0906f1d252d214b0a1430fa1e62994ff1063915db6
- SSDEEP: 49152:RHdOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOW:
Static task
- static1
Behavioral task
- behavioral1
- Sample: 0a92ddabee8fc6fc69b3999f21249e4acdd592d71a6a3bba5fc8190a5751514f.exe
- Resource: win7-20230220-en
Behavioral task
- behavioral2
- Sample: 0a92ddabee8fc6fc69b3999f21249e4acdd592d71a6a3bba5fc8190a5751514f.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- tofsee
- vanaheim.cn
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext