General
Target: 3289ff07ba3c5b4ea9614f862dae3bd8.bin
Size: 152KB
Sample: 231107-b14r9ahe8s
MD5: d630f364131d4c63a56a2a863bb3fa3d
SHA1: a037e4dd1757d0ceedcfe6b348a28de37ba8c898
SHA256: bfcad6b47aa60ee1cbf2ca6de332fa02daccef124062e17a0239c60fc8376ca0
SHA512: 99a058dd8f6f9b090c5887b8e9b599c32b2c4a6bc929576e6a07cae7c4f67736b55f3317b109e47dfd21f89a9b8538b72c48bd04d416e45270c7a93653c7fcfd
SSDEEP: 3072:55s6GrVEdjH19fZIWeY4SKECfI1MDwGWfHLlAfucvk9SRWAlh:5cwpZyS4iMFS+mcvk98W8

Static task: static1

Behavioral task: behavioral1
Sample: c93020e01233f2935a6fba66fa3e3ccc38b0fc50bacd0a374c1130910f821935.exe
Resource: win7-20231020-en

Behavioral task: behavioral2
Sample: c93020e01233f2935a6fba66fa3e3ccc38b0fc50bacd0a374c1130910f821935.exe
Resource: win10v2004-20231020-en

Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name

Targets
Target: c93020e01233f2935a6fba66fa3e3ccc38b0fc50bacd0a374c1130910f821935.exe
Size: 251KB
MD5: 3289ff07ba3c5b4ea9614f862dae3bd8
SHA1: 30b15edf7ad3f7bc059f58436198d5619f06a53a
SHA256: c93020e01233f2935a6fba66fa3e3ccc38b0fc50bacd0a374c1130910f821935
SHA512: 9e90abf93b6e7268a0c8993c864d9b106c00990f77c1d8011ea7325a0467332f508f04dc083c46880dea9a71a9a6fbf6c8bdcec83b310093eea0c455c66e5a82
SSDEEP: 3072:7RoP5wl8uJh5E7jjzFApPWASdKogJodIj+5JjAxSdhee3hUDxy/Ocat:toWlbhOTFApPmdKogJc5JMxUh7OQG

- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)