General
- Target: file.exe
- Size: 257KB
- Sample: 231106-z96j7sfd3y
- MD5: 9bf9d2d2458691bcf8a3b7a199e98006
- SHA1: 91a26106e563d2ce08626c0da03b127b0a35ba49
- SHA256: 86570d92983f1a55ec9e12b7185bf966f5294b13a2d1ab185896145eb52ffb58
- SHA512: 40fd6561b45dc7708392fff0b4ee3076b7221a421176e0a0126c732eda25d2cc4f1bf57cd7ac298efc28ca349acdeb61a23036342dd0886f10f0e0f6cfac6ece
- SSDEEP: 3072:9sDXcvgMzU8rGm7RJSFdHi0OR1yU/ZPWxWXnF9cp7sV39zdthH:Weg7BOJSy0OR1B+gXkOVN/
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20231023-en
Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: file.exe
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)