General
-
Target
f784390bef1610437897b0044be3a495e58de9cef5de77d9f45f5b3a5defe5fe
-
Size
144KB
-
Sample
231106-pagrpaah6s
-
MD5
cbbbf2b308abd96413d3895c8fbffa2e
-
SHA1
2e85b1a4bd4d565050e8ea6caa5cb1e716e658a6
-
SHA256
c7c399bb7aecede99d2e8d59770002f35b85f5481077129d686e21449feaf92c
-
SHA512
ba381f90161188324720d30f81c404b67c0a7b0c3981297467b801a70a0d65412b2219889ee404bee2000e3a6b536dcd04f69c45209ca933ab0e7a0e349becce
-
SSDEEP
3072:Y/eTTGsSyV1BB0BYSZHuP5AzqArCpdPJa9CZo2Y07L7V2Bs1QqQ05xtIW:ie/GsSyV1/0y2HuuzqAepdJa92o2Y0fJ
Static task
static1
Behavioral task
behavioral1
Sample
f784390bef1610437897b0044be3a495e58de9cef5de77d9f45f5b3a5defe5fe.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
f784390bef1610437897b0044be3a495e58de9cef5de77d9f45f5b3a5defe5fe.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
f784390bef1610437897b0044be3a495e58de9cef5de77d9f45f5b3a5defe5fe
-
Size
221KB
-
MD5
2488d90434caafc7d576e6e16220a772
-
SHA1
9f72377d8cc4e561ae6172460df94b8d0f87ed9e
-
SHA256
f784390bef1610437897b0044be3a495e58de9cef5de77d9f45f5b3a5defe5fe
-
SHA512
5ee948f1eeb8ba21cda44d781b616f96957b6f7a1951b0a4dfe6c7c881ae28d243722cf751209efa8e1e274fe392b0956ea1423ec6ed1efb7880b87e44aa5e18
-
SSDEEP
3072:WHMfCYL/+qeVAeW5XNFJarDAJ98I2a9CZo2Y07LPd0RPGnllVP:WsfbLQIF00JWla92o2Y0foGnR
-
XMRig Miner payload
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2