General
Target: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.zip
Size: 164KB
Sample: 231119-1ah6asce7z
MD5: 5e300db537d71b26630d1a3588e0c6c7
SHA1: dc3b44a5e8e3d1059322b3a78c3cf64181612348
SHA256: 52a6136eafaa474e442adec1f75f3a82b66fb0ba1101bfa1f55348c39ec2abb8
SHA512: 893edcf8b0490d3f163e502cfbc9fbbe9e0b65c42385d6f7b42f8997f7018a164de8295e22b81b7b27a65197f1b14e84730fa7214fc1c83149ec4b84b67ef8e2
SSDEEP: 3072:lPHA5UGI9fjPoklZVYW//Xpfog3MENejl6Z/rkJexG7ry/X:lUreTNmw1og3MPjl6ZAIxG6f
Static task: static1

Behavioral task: behavioral1
Sample: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted: tofsee
vanaheim.cn
jotunheim.name
Targets
Target: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.exe
Size: 254KB
MD5: 02ac11d7691ed7141949fc5c03d5aae8
SHA1: b122e23b4dfb29d4efedbbe7a72c75d696f8a7ac
SHA256: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee
SHA512: c437f0cec3cbe5a62a650cafd0814016864c083a2df5a65000d0411b8249daec0744b7c948039a97848135a263ba183a9cb00876fbc3d22ee1e8322dfda0e55e
SSDEEP: 3072:M9xGAh803FPqB1HzqotaoQpxVKPk4hjw6EX7eUkpvTRSdnbr4rO/p/4CY/:w/8iYlAxVKMuELrdnbr4yG
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)