General
- Target: 21c38ebbea03aa2ddce570a40ebcbf10217b80b9dde4924ce7119fb13d260edb.zip
- Size: 177KB
- Sample: 231119-z4c1psbf59
- MD5: 85e2d7415b9cb78b607bcb45867f1070
- SHA1: 28f7835cb4960bf3305d25a1a3294d0a20932776
- SHA256: 8673677a6dad0f1e87e0a759df26831fd2f3249c8e68e8e0709edcc9295f18cb
- SHA512: 15d1e3bcbf4cf0fc7cb55fbde4a16b437d427c1c16f39dffd87e3654d3220c139894accfecd7e2ffebcbb8c6bc140697c1589fe425caf581b333ff463cabd7e1
- SSDEEP: 3072:KP0KEIRvs8jON857go/zHYKrSSE2/T0ty8kcXhY/SGlEqoVkCo9fD12X:cVm8Qnaeg/TVaQSGGuCss
Static task
- static1
Behavioral task
- behavioral1: Sample 21c38ebbea03aa2ddce570a40ebcbf10217b80b9dde4924ce7119fb13d260edb.exe, Resource win7-20231020-en
- behavioral2: Sample 21c38ebbea03aa2ddce570a40ebcbf10217b80b9dde4924ce7119fb13d260edb.exe, Resource win10v2004-20231020-en
Malware Config
Extracted
- Family: tofsee
- Domains: vanaheim.cn, jotunheim.name
Targets
- Target: 21c38ebbea03aa2ddce570a40ebcbf10217b80b9dde4924ce7119fb13d260edb.exe
- Size: 329KB
- MD5: c5acf32a68fc55104b5dafc61245bab4
- SHA1: 8a1d49efbb20a987cd87d227c4c4016a36c76afb
- SHA256: 21c38ebbea03aa2ddce570a40ebcbf10217b80b9dde4924ce7119fb13d260edb
- SHA512: 8bc262803139c0420b71ffea63e772124446349d913bb194646c22f0d4dca0cd04d3a3108032c2f31618f482e86fbfa0aa4de63d7c53fcd03dcc438763970808
- SSDEEP: 3072:y9xdm7sMhs6Y28qryW6A4bdZc4nJcJW+XkmwVWf4rEVjSHwZROr4bpLkC:yIths6Y28ehy5nJcU6QrEVjWlr4a
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)