General

Target: NEAS.a024dc3f72c20bbc40fadda609ea7589f757f3078022d990878d09e2ad7b0c11.exe
Size: 252KB
Sample: 231106-3b6dbsgc2z
MD5: 3daff0208eb4ec8e45c0d84c90b959b8
SHA1: 5cfca7fd7003e8a8e25dbdebff2a0113a4c44d4b
SHA256: a024dc3f72c20bbc40fadda609ea7589f757f3078022d990878d09e2ad7b0c11
SHA512: 594a8c7c3b7dea0d669684171a6e228ae80e9e0aa426b3c550c855ec8edf43e4f4dcfa2955099c3bc07f6244cf500f85fde8473a2210f968f3aa913609292453
SSDEEP: 6144:eAdQSLr8EGVwrXM9d3AX09WKVLsH26gI:oSHRGVwrXM9d3v9WKVgW4
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.a024dc3f72c20bbc40fadda609ea7589f757f3078022d990878d09e2ad7b0c11.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.a024dc3f72c20bbc40fadda609ea7589f757f3078022d990878d09e2ad7b0c11.exe
  Resource: win10v2004-20231020-en
Malware Config

Extracted
  Family: tofsee
  C2: vanaheim.cn
  C2: jotunheim.name
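A sweep for the static indicators above, as an added example (not the sandbox's own code). The file hashes and the two tofsee C2 domains are the ones listed in this report; the sample bytes and the DNS log lines are constructed here so the script runs offline. Domain matching is done on label boundaries, since a naive substring check would also flag unrelated names such as "notvanaheim.cn":

```python
"""IOC sweep for this report's static indicators (added example, not sandbox code).

Hashes and C2 domains are from the report; the DNS log layout and its lines
are constructed for this example and are not real telemetry.
"""
import hashlib
import re
from typing import Optional

# File hashes reported for the sample.
SAMPLE_HASHES = {
    "md5": "3daff0208eb4ec8e45c0d84c90b959b8",
    "sha1": "5cfca7fd7003e8a8e25dbdebff2a0113a4c44d4b",
    "sha256": "a024dc3f72c20bbc40fadda609ea7589f757f3078022d990878d09e2ad7b0c11",
    "sha512": "594a8c7c3b7dea0d669684171a6e228ae80e9e0aa426b3c550c855ec8edf43e4f4d"
              "cfa2955099c3bc07f6244cf500f85fde8473a2210f968f3aa913609292453",
}

# Domains from the extracted tofsee config.
C2_DOMAINS = frozenset({"vanaheim.cn", "jotunheim.name"})


def hash_bytes(data: bytes) -> dict:
    """Digest `data` with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True when any digest of `data` equals the reported digest for that algorithm."""
    digests = hash_bytes(data)
    return any(digests[alg] == expected for alg, expected in SAMPLE_HASHES.items())


def domain_matches(qname: str, domains=C2_DOMAINS) -> Optional[str]:
    """Return the matching C2 domain when `qname` is that domain or a subdomain of it.

    Normalises case and the trailing dot of an FQDN, and matches on label
    boundaries so that "notvanaheim.cn" does not match "vanaheim.cn".
    """
    q = qname.rstrip(".").lower()
    for d in domains:
        if q == d or q.endswith("." + d):
            return d
    return None


# Constructed log layout for this example: "<ts> client=<ip> query=<name>".
DNS_LINE = re.compile(r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<qname>\S+)")


def scan_dns_log(lines):
    """Return (timestamp, client, qname, matched_domain) for every C2 lookup."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line)
        if not m:
            continue  # malformed or unrelated line
        d = domain_matches(m["qname"])
        if d:
            hits.append((m["ts"], m["client"], m["qname"], d))
    return hits


# Constructed log lines (not real telemetry): two should hit, two should not.
SAMPLE_DNS_LOG = [
    "2023-11-06T03:41:12Z client=10.0.0.17 query=vanaheim.cn.",
    "2023-11-06T03:41:13Z client=10.0.0.17 query=notvanaheim.cn",
    "2023-11-06T03:41:15Z client=10.0.0.23 query=mx1.JOTUNHEIM.name",
    "2023-11-06T03:41:16Z client=10.0.0.23 query=example.com",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup:", hit)
    # A file that is not the sample must not match.
    print("matches_sample(constructed bytes):", matches_sample(b"not the sample"))
```

To run this against a real file, read it in binary mode and pass the bytes to `matches_sample`; the SSDEEP value in the report needs the separate `ssdeep` library and is deliberately not handled here.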
Targets

Target: NEAS.a024dc3f72c20bbc40fadda609ea7589f757f3078022d990878d09e2ad7b0c11.exe
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
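Several of the signatures above are observable on a real endpoint through Sysmon and the System event log, and the following is an added example of how a detection engineer might replay them (it is not the sandbox's signature code). It feeds a constructed sequence of Sysmon events (IDs 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent) plus one System-log 7045 "service installed" record through simple rules and names the report signatures each satisfies. The field names follow the Sysmon/System-log schema; the paths, the service name `examplesvc` and the dropped file name are made up. SetThreadContext and registry reads (the country-code lookup) produce no Sysmon event, so they are not modelled:

```python
"""Replay of this report's behavioural signatures over constructed Sysmon events.

Added example, not sandbox code. All event contents below are made up; only
the signature names are taken from the report.
"""
import re

# HKLM\SYSTEM\<ControlSet>\Services\<name>\ImagePath being written (Sysmon 13)
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
FIREWALL_CMD = re.compile(
    r"\bnetsh\b.*\badvfirewall\b.*\bfirewall\b.*\b(add|set|delete)\s+rule\b", re.I)
# "del [switches] <path>.exe", with or without quotes around the path
DEL_CMD = re.compile(r'\bdel\b\s+(?:/\w+\s+)*"?([^"]+?\.exe)"?', re.I)


def evaluate(events):
    """Return a set of (signature, image) pairs for the event stream.

    Order matters: a path only counts as "dropped" once an event 11 for it has
    been seen, so an execution earlier in the stream is not flagged.
    """
    dropped = set()
    hits = set()
    for e in events:
        eid = e["event_id"]
        if eid == 11:                                  # Sysmon FileCreate
            path = e["target_filename"]
            dropped.add(path.lower())
            if SYSTEM32.match(path):
                hits.add(("Drops file in System32 directory", e["image"]))
        elif eid == 13:                                # Sysmon RegistryEvent (value set)
            if SERVICE_IMAGEPATH.match(e["target_object"]):
                hits.add(("Sets service image path in registry", e["image"]))
        elif eid == 7045:                              # System log: new service installed
            hits.add(("Creates new service(s)", e["image_path"]))
        elif eid == 1:                                 # Sysmon ProcessCreate
            image, parent = e["image"], e.get("parent_image", "")
            cmd = e.get("command_line", "")
            if image.lower() in dropped:
                hits.add(("Executes dropped EXE", image))
            if FIREWALL_CMD.search(cmd):
                hits.add(("Modifies Windows Firewall", parent))  # attribute to the launcher
            m = DEL_CMD.search(cmd)
            if m and m.group(1).lower() == parent.lower():
                hits.add(("Deletes itself", parent))  # child deleting its own parent's image
    return hits


def summarise(hits):
    """Sorted signature names per image, for a verdict line."""
    by_image = {}
    for sig, image in hits:
        by_image.setdefault(image, set()).add(sig)
    return {img: sorted(sigs) for img, sigs in by_image.items()}


# Constructed event stream (paths, names and order are made up for this example).
SAMPLE = r"C:\Users\victim\Desktop\NEAS.exe"
DROPPED = r"C:\Windows\System32\dropped.exe"
SAMPLE_EVENTS = [
    {"event_id": 11, "image": SAMPLE, "target_filename": DROPPED},
    {"event_id": 13, "image": SAMPLE,
     "target_object": r"HKLM\SYSTEM\CurrentControlSet\Services\examplesvc\ImagePath",
     "details": DROPPED},
    {"event_id": 7045, "service_name": "examplesvc", "image_path": DROPPED},
    {"event_id": 1, "image": r"C:\Windows\System32\netsh.exe", "parent_image": SAMPLE,
     "command_line": 'netsh advfirewall firewall add rule name="examplesvc" dir=in '
                     'action=allow program="' + DROPPED + '"'},
    {"event_id": 1, "image": DROPPED, "parent_image": r"C:\Windows\System32\services.exe",
     "command_line": DROPPED},
    {"event_id": 1, "image": r"C:\Windows\System32\cmd.exe", "parent_image": SAMPLE,
     "command_line": 'cmd.exe /c del "' + SAMPLE + '"'},
    # benign control: explorer launching notepad must not fire anything
    {"event_id": 1, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "notepad.exe"},
]

if __name__ == "__main__":
    for image, sigs in summarise(evaluate(SAMPLE_EVENTS)).items():
        print(image, "->", ", ".join(sigs))
```

The rules are intentionally narrow: the service rule only fires on an `ImagePath` write under the Services key, and the self-delete rule only when the deleted path equals the launching process's own image. Loosening either (any Services write, any `del *.exe`) will catch installers and updaters on a real estate.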
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 2
    Windows Service (T1543.003): 2