General
Target: file.exe
Size: 184KB
Sample: 230614-fy99gadd2y
MD5: 495a1ea939030ecab57ad60549837e0d
SHA1: 921ffb10aef3937bef3a160b4d5f405fa4802b13
SHA256: 2dd452add7571434898c24c9bdb636627b929b7620a3bcb36c3080b86def4818
SHA512: 956dc9e9665fe5c1d9c4ebfcda59d5b8c49546ff3056176ebadad07e54c1c00b57e8b900008bf9903a5798ad5e4933f6c147f7977a97a695f924e792a32c2c35
SSDEEP: 3072:QG36z5gnjk/KiYq4UzpoSEgRtyZrPxJKlP:n3egnw/YNE09VL
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20230220-en
Malware Config
Extracted family: tofsee
Extracted domains: vanaheim.cn, jotunheim.name
Targets
Target: file.exe (size and hashes as listed under General)
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
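The behaviours listed above, together with the domains from the extracted Tofsee config, as a host-telemetry detection pass. This is an added example, not the sandbox's signature logic and not code from the report: it runs over Sysmon-style and System-log event records constructed here to mirror the report's signatures (every path, service name, PID-free command line and the domain lookup are invented for the example), and it maps each record to the report signature it supports. Signatures the sandbox derives from memory content or API tracing (XMRig Miner payload, Suspicious use of SetThreadContext, and the registry read behind Checks computer location settings) are not observable from these event types, so the block lists them as unconfirmed instead of guessing.

```python
"""Host-telemetry checks for the behaviours this report lists.

Added example: not the sandbox's own signature logic and not code from the
report. The event records are constructed to mirror the report's signatures;
field names follow the Sysmon and System-log schemas (EventID, Image,
CommandLine, TargetObject, TargetFilename, QueryName), but every path,
service name and command line is invented.
"""
import re

# Signature names exactly as the report lists them.
REPORT_SIGNATURES = [
    "XMRig Miner payload",
    "Creates new service(s)",
    "Modifies Windows Firewall",
    "Sets service image path in registry",
    "Checks computer location settings",
    "Deletes itself",
    "Executes dropped EXE",
    "Drops file in System32 directory",
    "Suspicious use of SetThreadContext",
]

# Domains from the report's extracted Tofsee config.
CONFIG_DOMAINS = {"vanaheim.cn", "jotunheim.name"}

SERVICE_IMAGEPATH = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
FIREWALL_CHANGE = re.compile(r"\badvfirewall\b.*\b(add|set|delete)\b", re.IGNORECASE)
SYSTEM32_DIR = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)


def _norm(path):
    """Case-fold a Windows path so drops, starts and deletes compare equal."""
    return path.strip().lower()


def scan(events):
    """Map signature names to the indices of the events that support them.

    Two checks correlate across events: "Executes dropped EXE" needs a
    process start (Sysmon EID 1) from a path an earlier FileCreate (EID 11)
    wrote, and "Deletes itself" needs a FileDelete (EID 23) of a binary that
    started earlier in the trace (the delete is usually done by a spawned
    cmd.exe, so the deleting Image is not required to match).
    """
    hits = {}
    dropped, started = set(), set()

    def hit(name, index):
        hits.setdefault(name, []).append(index)

    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        image = _norm(ev.get("Image", ""))
        target = _norm(ev.get("TargetFilename", ""))

        if eid == 7045 and ev.get("Provider") == "Service Control Manager":
            hit("Creates new service(s)", i)
        if eid == 13 and SERVICE_IMAGEPATH.search(ev.get("TargetObject", "")):
            hit("Sets service image path in registry", i)
        if eid == 1:
            if image.endswith("\\netsh.exe") and FIREWALL_CHANGE.search(ev.get("CommandLine", "")):
                hit("Modifies Windows Firewall", i)
            if image in dropped:
                hit("Executes dropped EXE", i)
            started.add(image)
        if eid == 11 and target:
            dropped.add(target)
            if SYSTEM32_DIR.match(ev.get("TargetFilename", "")):
                hit("Drops file in System32 directory", i)
        if eid == 23 and target in started:
            hit("Deletes itself", i)
        if eid == 22 and _norm(ev.get("QueryName", "")).rstrip(".") in CONFIG_DOMAINS:
            hit("Resolves extracted Tofsee domain", i)
    return hits


def uncovered(hits):
    """Report signatures that these event types cannot confirm."""
    return [name for name in REPORT_SIGNATURES if name not in hits]


# Constructed trace (invented paths and names) in the order the report's
# behaviours would plausibly occur.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\user\\file.exe",
     "CommandLine": "C:\\Users\\user\\file.exe"},
    {"EventID": 11, "Image": "C:\\Users\\user\\file.exe",
     "TargetFilename": "C:\\Windows\\System32\\xyzsvc.exe"},
    {"EventID": 7045, "Provider": "Service Control Manager",
     "ServiceName": "xyzsvc", "ImagePath": "C:\\Windows\\System32\\xyzsvc.exe"},
    {"EventID": 13, "Image": "C:\\Users\\user\\file.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\xyzsvc\\ImagePath"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="xyzsvc" dir=in action=allow '
                    'program="C:\\Windows\\System32\\xyzsvc.exe"'},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\xyzsvc.exe",
     "CommandLine": "C:\\Windows\\System32\\xyzsvc.exe"},
    {"EventID": 23, "Image": "C:\\Windows\\System32\\cmd.exe",
     "TargetFilename": "C:\\Users\\user\\file.exe"},
    {"EventID": 22, "Image": "C:\\Windows\\System32\\xyzsvc.exe",
     "QueryName": "vanaheim.cn"},
    # Benign noise: a file written outside System32 that nothing later runs.
    {"EventID": 11, "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\user\\Downloads\\notes.txt"},
]

if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for name, idx in found.items():
        print(f"{name}: events {idx}")
    print("not confirmable from these events:", uncovered(found))
```

The two stateful checks are the ones worth keeping when adapting this to real Sysmon output: a FileCreate under System32 on its own is noisy (installers and Windows Update do it constantly), but the same path then appearing as a new process Image, a service ImagePath, and a netsh allow rule is the chain this report describes. The DNS check is deliberately exact-match on the extracted domains; widen it to subdomains only if the config extractor confirms the family uses them.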