General

Target: NEAS.19ff214fd7feb452a76b299e36831705cc3cc11c3d5deb6ff4a9df6138aacd4cexe_JC.exe
Size: 285KB
Sample: 231026-wq8nnsdg4v
MD5: 1694977bcb788f91d08d563e65e1b6a8
SHA1: b43b878f52e93dcac435e012db85d5151b55f4f6
SHA256: 19ff214fd7feb452a76b299e36831705cc3cc11c3d5deb6ff4a9df6138aacd4c
SHA512: 95f504cbb5906ca0fa0511e1627a175586cad92d7aab55724b1483d6886ebbe6cac735cf06f2e9650fc5c5ae6c3813c3f15ffc7edd1871fb9a683172c1f9a73d
SSDEEP: 3072:zVX1Sc4eOh6nD2fLpZ5W3hR8b/67c3HL+Yl4MyrBHH75aDbQkib0RC:F1Sc4b6D2fLb5zbL3HL+YazBk

Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.19ff214fd7feb452a76b299e36831705cc3cc11c3d5deb6ff4a9df6138aacd4cexe_JC.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: NEAS.19ff214fd7feb452a76b299e36831705cc3cc11c3d5deb6ff4a9df6138aacd4cexe_JC.exe
  Resource: win10v2004-20231020-en
Malware Config

Extracted family: tofsee
C2 domains (from the extracted tofsee config): vanaheim.cn, jotunheim.name
Targets

Target: NEAS.19ff214fd7feb452a76b299e36831705cc3cc11c3d5deb6ff4a9df6138aacd4cexe_JC.exe (285KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures:
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry (the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<service>)
- Checks computer location settings: looks up the country code configured in the registry (Control Panel\International\Geo\Nation), likely a geofence
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread hijacking)
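The signatures above record what the sample did in the sandbox. The block below is an added example, not part of the report and not vendor tooling; it turns the report's hashes, the extracted C2 domains and the persistence behaviours (new service with an image under System32, firewall modification) into offline hunting checks a responder could run over their own telemetry. The DNS log format, the 7045 event records, the command lines and the service allowlist in it are constructed for illustration and are not from the report.

```python
"""Hunting helpers built from the indicators in this report (added example).

Checks: file digests against the reported MD5/SHA1/SHA256; DNS log lines
against the extracted tofsee C2 domains (subdomains count, since bots often
prefix a host label); Windows System log records for a new service (Event ID
7045) whose image lives under System32/SysWOW64 and is not an expected service
host; process command lines for netsh firewall changes. All sample telemetry
and the allowlist below are constructed for the example.
"""
import hashlib
import re

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "1694977bcb788f91d08d563e65e1b6a8",
    "sha1": "b43b878f52e93dcac435e012db85d5151b55f4f6",
    "sha256": "19ff214fd7feb452a76b299e36831705cc3cc11c3d5deb6ff4a9df6138aacd4c",
}
C2_DOMAINS = {"vanaheim.cn", "jotunheim.name"}

def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of data, keyed like REPORT_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}

def matches_report(digests: dict) -> bool:
    """One matching digest is enough to call the file the reported sample."""
    return any(digests.get(alg) == val for alg, val in REPORT_HASHES.items())

def domain_is_c2(name: str) -> bool:
    """Exact or subdomain match; case-insensitive; tolerates a trailing dot."""
    n = name.lower().rstrip(".")
    return any(n == c2 or n.endswith("." + c2) for c2 in C2_DOMAINS)

# Constructed DNS log format: "<timestamp> <client-ip> query <type> <name>".
DNS_LINE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+\S+\s+(\S+)\s*$")

def scan_dns_log(lines):
    """(timestamp, client, domain) for every lookup of a C2 domain."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line)
        if m and domain_is_c2(m.group(3)):
            hits.append((m.group(1), m.group(2), m.group(3).lower().rstrip(".")))
    return hits

# A 32-bit sample "dropping into System32" on 64-bit Windows is redirected to
# SysWOW64 by WOW64 file-system redirection, so both directories are checked.
SYSTEM_DIRS = re.compile(
    r"^(?:%systemroot%|%windir%|c:\\windows)\\(?:system32|syswow64)\\", re.I)
# Placeholder allowlist (assumption). In production, check the Authenticode
# signature and file creation time of the image rather than its name.
KNOWN_SERVICE_HOSTS = {"svchost.exe", "lsass.exe", "services.exe"}

def _image_exe(image_path: str) -> str:
    """Strip arguments and quotes from a service ImagePath to get the binary."""
    image_path = image_path.strip()
    if image_path.startswith('"'):
        end = image_path.find('"', 1)
        return image_path[1:end] if end > 0 else image_path[1:]
    return image_path.split(" ")[0]

def suspicious_service_installs(events):
    """Names of newly installed services (7045) with an unexpected System32 image."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7045:
            continue
        exe = _image_exe(ev.get("ImagePath", ""))
        if SYSTEM_DIRS.match(exe) and exe.rsplit("\\", 1)[-1].lower() not in KNOWN_SERVICE_HOSTS:
            hits.append(ev["ServiceName"])
    return hits

NETSH_FIREWALL = re.compile(r"\bnetsh(?:\.exe)?\b.*\b(?:advfirewall|firewall)\b", re.I)

def firewall_modifications(command_lines):
    """Command lines that drive netsh firewall/advfirewall (4688 / Sysmon 1)."""
    return [c for c in command_lines if NETSH_FIREWALL.search(c)]

# Constructed sample telemetry (not from the report).
SAMPLE_DNS_LINES = [
    "2023-10-26T12:00:01Z 10.0.0.15 query A www.microsoft.com",
    "2023-10-26T12:00:07Z 10.0.0.15 query A vanaheim.cn",
    "2023-10-26T12:00:08Z 10.0.0.15 query A mail.jotunheim.name.",
    "2023-10-26T12:00:09Z 10.0.0.22 query A notvanaheim.cn",
]
SAMPLE_SERVICE_EVENTS = [
    {"EventID": 7045, "ServiceName": "WaaSMedicSvc",
     "ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs"},
    {"EventID": 7045, "ServiceName": "examplesvc",
     "ImagePath": r"C:\Windows\System32\examplesvc.exe"},
    {"EventID": 7045, "ServiceName": "VendorAgent",
     "ImagePath": r'"C:\Program Files\Vendor\agent.exe" --service'},
]
SAMPLE_COMMAND_LINES = [
    r"C:\Windows\System32\cmd.exe /c ping 127.0.0.1",
    r'netsh advfirewall firewall add rule name="examplesvc" dir=in action=allow '
    r'program="C:\Windows\System32\examplesvc.exe"',
    r"C:\Windows\System32\netsh.exe interface show interface",
]

if __name__ == "__main__":
    print("C2 lookups:", scan_dns_log(SAMPLE_DNS_LINES))
    print("Suspicious services:", suspicious_service_installs(SAMPLE_SERVICE_EVENTS))
    print("Firewall changes:", firewall_modifications(SAMPLE_COMMAND_LINES))
```

The service check deliberately does not flag every 7045 with a System32 image, because legitimate Windows services live there too; the name allowlist is only a stand-in for a signature check. A hash match is high confidence but brittle (a rebuilt sample changes it), whereas the C2 domains and the service-plus-firewall pattern survive repacking, which is why all three are worth querying together.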
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1 signature
  - Registry Run Keys / Startup Folder (T1547.001): 1 signature
- Create or Modify System Process (T1543): 2 signatures
  - Windows Service (T1543.003): 2 signatures