General
Target: NEAS.e9b08e0dd330ea6a2244220dc04f7dec992c83cba8ab1e60e165850d69f5e3e4.exe
Size: 272KB
Sample: 231107-aqke7agg31
MD5: fee0ff5c08cfec7096612df413966b32
SHA1: b50ea1884eb3192031eca229f3d3dc3334d82902
SHA256: e9b08e0dd330ea6a2244220dc04f7dec992c83cba8ab1e60e165850d69f5e3e4
SHA512: 55ccede54df0f3e9c5f82b60b8a910e57737682b1413cfc842dc11c7054505dedaec478f082db35ab566d49a75ea13d787b53a2888f0332350207b1c661f8c0e
SSDEEP: 3072:2VX8hrkLdqiqKwK5u5gF8FHAbAM6A0gpVhP5VWZVnU+:+8xkLcPSu5C8JDM6AFP9WZ5
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.e9b08e0dd330ea6a2244220dc04f7dec992c83cba8ab1e60e165850d69f5e3e4.exe
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: NEAS.e9b08e0dd330ea6a2244220dc04f7dec992c83cba8ab1e60e165850d69f5e3e4.exe
  Resource: win10v2004-20231023-en
Malware Config
Extracted family: tofsee
Extracted domains: vanaheim.cn, jotunheim.name
Targets
XMRig Miner payload
Creates new service(s)
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings (looks up country code configured in the registry, likely geofence)
Deletes itself
Executes dropped EXE
Drops file in System32 directory
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)