General
- Target: NEAS.2db4b7ad0746a2423a4d71da5b6ec8b8efe14366d92d5f87f90fa867656dee2fexe_JC.exe
- Size: 265KB
- Sample: 231026-wyka2sfe55
- MD5: 45803e5734013f3e280310660072d4fb
- SHA1: 5c2d77811eb0fdc2fc0cc9da7131765b9a9d6ccc
- SHA256: 2db4b7ad0746a2423a4d71da5b6ec8b8efe14366d92d5f87f90fa867656dee2f
- SHA512: 7feedfe470ed7e78c459734a9b0921a69b4c83dd7de2d2260a1020e106c44d4fee48ec8b90a0e7a01130653aeb0ac8d267cc497c0443087a64af2bcbf3b3b21d
- SSDEEP: 3072:2sXLLViObJLO9Dpqs4XzM9lOp7LCHI3lwQ4fVUxfhuC9+QoZ5G2F5QoQb:PLLViWJLO1zczM9lOpSHILcV8N9+Ay
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.2db4b7ad0746a2423a4d71da5b6ec8b8efe14366d92d5f87f90fa867656dee2fexe_JC.exe
Resource: win7-20231025-en
Behavioral task: behavioral2
Sample: NEAS.2db4b7ad0746a2423a4d71da5b6ec8b8efe14366d92d5f87f90fa867656dee2fexe_JC.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: tofsee
vanaheim.cn
jotunheim.name
Targets
- Target: NEAS.2db4b7ad0746a2423a4d71da5b6ec8b8efe14366d92d5f87f90fa867656dee2fexe_JC.exe
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)