General
Target: file
Size: 255KB
Sample: 231107-blcefsah96
MD5: 73abf40e34763699f0f00f1d277945a2
SHA1: 37068d59066d7ab7d53a5123d86eb9b6ac39de30
SHA256: b6e11ec3abe0321574219fa4884dbe4233ad23ead792fc8a05ee4f83f33b8533
SHA512: 38c36291da3514fdd58d5f65f133a99913edf57c977ba1a19fb8eb0f198ba20f474fc290a577d9d7632d2b4da87adfc4dcb499954690ef8639ed74d72651bae0
SSDEEP: 3072:B6eJDkum8Mgto0n1sXNttLQzXPEk8QCa3j9jS4a4g6cqx6C4zdtZET:B7S8M+oISXNttLIoXa3jQ4aT6Nx6/Z

Static task: static1
Behavioral task: behavioral1 (sample: file.exe, resource: win7-20231023-en)
Behavioral task: behavioral2 (sample: file.exe, resource: win10v2004-20231020-en)

Malware Config
Extracted family: tofsee
Extracted domains: vanaheim.cn, jotunheim.name
Targets
Target: file (255KB; hashes identical to those listed in the General section)
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)