General
Target: 67a4c57e1141be6c84787dad422d19dd0193b0ecf5d7771c496b128226420ee7_JC.exe
Size: 242KB
Sample: 231011-kb854sbc2x
MD5: d7397119dbb60e42850f5db8c0d3cc16
SHA1: e9aade2f2c626f3d3b2252c3de72c63ef53b2c2f
SHA256: 67a4c57e1141be6c84787dad422d19dd0193b0ecf5d7771c496b128226420ee7
SHA512: 5e90b23cc1dd4c1388a3985e97cfe73c2d2e4f143f3a244e3c447b08b10a1ac1f29c37c6283d8aa1e42bbb026baa93f24e6f87a943818d9feb4c311c20ff095e
SSDEEP: 3072:fWC+t9BtK2qqscMrhAtzkPK8BZ3R0m/2PmOo9dBn5cp281TWO:fJMTK+szrhAxB+ZOme6Qp91Tj
Static task: static1
Behavioral task: behavioral1 (sample: 67a4c57e1141be6c84787dad422d19dd0193b0ecf5d7771c496b128226420ee7_JC.exe; resource: win7-20230831-en)
Behavioral task: behavioral2 (sample: 67a4c57e1141be6c84787dad422d19dd0193b0ecf5d7771c496b128226420ee7_JC.exe; resource: win10v2004-20230915-en)
Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
Target: 67a4c57e1141be6c84787dad422d19dd0193b0ecf5d7771c496b128226420ee7_JC.exe
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)