General
Target: NEAS.98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4bexe_JC.exe
Size: 177KB
Sample: 231026-xt7ffseg4s
MD5: eae908014d26f7bb01be3cee895aefae
SHA1: 8adb13166e6a3b71d9c37cb93da538ac85abc566
SHA256: 98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b
SHA512: f177b9d43b15bdca1ccd4b1cf57e01811a5e33fe2798ecde47d9fb4f1b491dd8c653685b1f6e140359179f2b9ff24e113466f00eb9d2c474b3e135c616c00356
SSDEEP: 3072:fHBN7RcV0uol0USX6Nw0WxyOufOeszXfzQZH64X+T6Uxs:pHgf+0USX6Nw0rXNszXfzQZRX+T
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4bexe_JC.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: NEAS.98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4bexe_JC.exe
  Resource: win10v2004-20231020-en
Malware Config
Extracted: tofsee
vanaheim.cn
jotunheim.name
Targets
Target: NEAS.98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4bexe_JC.exe
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)