General
- Target: 306b52b0288f8636b145c12e1594b4d5.bin
- Size: 175KB
- Sample: 231027-bqbnqaag5x
- MD5: 0a8118f651338ca927a2c09c58319b7e
- SHA1: 81e03f52ddc0f637635cbd76fc3fe8ea5ae90df6
- SHA256: b530a06092497e946b59fe69795193255fddbc4d0e6d6d1e98df8258dfcd7d25
- SHA512: 73d9aefd91a701ad8c6c56144fba116c5d13a577731299973fb1c4eed670d5bac46594b795aafd6b487252718298242024ab52b9db44460e2220c80a40eae737
- SSDEEP: 3072:WHq7WJW7r3I4h1TKBbfKr4ci5Hr530QWufRvF7Dthdqc+8nwY1wMqLdmfCAgHi7E:FYWc115F3VLJRthdqc+c1w/dgC3Hi73U
Static task: static1

Behavioral task: behavioral1
- Sample: a4dee314bf550ed83a5be294c6acbea200fb4665c684ae5f842c29ba3233e307.exe
- Resource: win7-20231023-en

Behavioral task: behavioral2
- Sample: a4dee314bf550ed83a5be294c6acbea200fb4665c684ae5f842c29ba3233e307.exe
- Resource: win10v2004-20231023-en
Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: a4dee314bf550ed83a5be294c6acbea200fb4665c684ae5f842c29ba3233e307.exe
- Size: 291KB
- MD5: 306b52b0288f8636b145c12e1594b4d5
- SHA1: 3b11ac9361a3ab7ab9cc4729c8cb0392a0d8fdaa
- SHA256: a4dee314bf550ed83a5be294c6acbea200fb4665c684ae5f842c29ba3233e307
- SHA512: 2b1911749d49ce8155289707baf1560f0a817cacd8f0136acc97b86abfa8fc9ee3b548d4817a10973fcc71991f5280028e3e8e3f0c91ac45932c64057b03dcc5
- SSDEEP: 6144:KVHVEqQqdL7N9FX0FcOcmy46B5ihS4pe5:KoHqdPHFfOcHr/So

- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)