General
- Target: file
- Size: 245KB
- Sample: 230612-bwn61aba61
- MD5: de716bcd69eaa397ec668a600e290613
- SHA1: 4fe4841959d458f6389ad15767eaccaf13d013f8
- SHA256: 2c56b7eecbb1f8bf1ffab07fe19f92dc17f91675cf518565c67bb06af8b11916
- SHA512: 5713d38394dbe8d9233f44739f1d9a79a3d443a1ed43c48c4afe58019be87bb5c8b1c2d4f0ec1e64555418471adfbb653de0ba4e6c424d80c9ce3a224e29233b
- SSDEEP: 3072:BpN/PqeipCA+QWm9coi7u7Tnt8x609HRFQ9UZqn5syBgBRe1fq3:Rn3i7eeMu7TnK5yewn56O1f
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20230220-en
Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: file
- Size: 245KB
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext