General
- Target: bdbc9a21226ffd243b4290d5de4ebba3c5b1194947f8efb9333dead323e0ffe7
- Size: 144KB
- Sample: 231106-pqz8zaba4t
- MD5: 6d1323fe69deb17a70657b69f4647100
- SHA1: 439bf772a1d9463e9231d1b6c2abb3e4434d8ec7
- SHA256: 419e5ee67d2a76944252f631d0d2967c2416e0d13c24689142c689d481d249bc
- SHA512: 5d8123eb94a3231a6d301acb7d71d4bc41ea9de71b6da2e033d74174c8dc0b9f02adce7f6047a8fa1554828a02f4aac579bad7ebf491e0efac185f07a8b7f3b5
- SSDEEP: 3072:q9HwJ6M18S9TKm3dtSUSATI93tJxepkzsOkesZtT3:MHwJ7KStxNSATW3bxenjXT3
Static task: static1
Behavioral task: behavioral1
- Sample: bdbc9a21226ffd243b4290d5de4ebba3c5b1194947f8efb9333dead323e0ffe7.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: bdbc9a21226ffd243b4290d5de4ebba3c5b1194947f8efb9333dead323e0ffe7.exe
- Resource: win10v2004-20231023-en
Malware Config
Extracted:
- tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: bdbc9a21226ffd243b4290d5de4ebba3c5b1194947f8efb9333dead323e0ffe7
  - Size: 222KB
  - MD5: 07b00cf95a65d716cbf9b6737a3d97bd
  - SHA1: c0bcd4ca653be184ad011e295df02d999046fb8c
  - SHA256: bdbc9a21226ffd243b4290d5de4ebba3c5b1194947f8efb9333dead323e0ffe7
  - SHA512: 4178cfac6bde459cae55e48b24ca11117cc31f9d4061bb5f6e57ea9ed17122b4e1dc3da92bad7c1d7bda0ef556dcc653a77da2994da5186f934ac8cf0b6b0493
  - SSDEEP: 3072:3WMfCVLL/mQCnan+CIVkCUSATI93tJkgrNo5RPeplVP:3Bf8LLKc+CIqdSATW3b7Nget
  - XMRig Miner payload
  - Creates new service(s)
  - Modifies Windows Firewall
  - Sets service image path in registry
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Deletes itself
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (2): Windows Service (2)