General
- Target: NEAS.a4dee314bf550ed83a5be294c6acbea200fb4665c684ae5f842c29ba3233e307exe_JC.exe
- Size: 291KB
- Sample: 231026-x3cbnseh5w
- MD5: 306b52b0288f8636b145c12e1594b4d5
- SHA1: 3b11ac9361a3ab7ab9cc4729c8cb0392a0d8fdaa
- SHA256: a4dee314bf550ed83a5be294c6acbea200fb4665c684ae5f842c29ba3233e307
- SHA512: 2b1911749d49ce8155289707baf1560f0a817cacd8f0136acc97b86abfa8fc9ee3b548d4817a10973fcc71991f5280028e3e8e3f0c91ac45932c64057b03dcc5
- SSDEEP: 6144:KVHVEqQqdL7N9FX0FcOcmy46B5ihS4pe5:KoHqdPHFfOcHr/So
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.a4dee314bf550ed83a5be294c6acbea200fb4665c684ae5f842c29ba3233e307exe_JC.exe
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: NEAS.a4dee314bf550ed83a5be294c6acbea200fb4665c684ae5f842c29ba3233e307exe_JC.exe
- Resource: win10v2004-20231023-en
Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: NEAS.a4dee314bf550ed83a5be294c6acbea200fb4665c684ae5f842c29ba3233e307exe_JC.exe
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)