General
Target: 7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2.zip
Size: 178KB
Sample: 231119-z4c1psbf62
MD5: 6799416262f0daf7e5dc92d325d64db0
SHA1: c61b37a17a8bc7ced0461d6d7513cc5a5e677d0c
SHA256: 0b866ed04f5d34f0a63f79ca6061db85425cb41d6b9d37a4ce9a0a890a4d865d
SHA512: 1d995f3f55b305b13c22cf77f1afc4a7c8214f9079758e6e2a2f9690376f09add65ecf17149506a12ab715faaa3e592f7359445d98cd520c359d92235e6556e3
SSDEEP: 3072:MucMuNELO9A6gVvFIN3x8fBHvbt0sNOXidYGScAX:XLCdNufBPbXRWZcAX
Static task: static1
Behavioral task: behavioral1
Sample: 7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: 7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2.exe
Resource: win10v2004-20231025-en
Malware Config
Extracted family: tofsee
C2: vanaheim.cn, jotunheim.name
Targets
Target: 7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2.exe
Size: 338KB
MD5: 5c5387efb7f70cd46012c6f8f4cc0e1a
SHA1: c2ad2a7be652d8b73cdeb794b498c03d8f783bc4
SHA256: 7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2
SHA512: bc6a38573e87fc6bc7b945ee76f5b8102e5adfa1ff6262356212a0fb66f2b4cb071193df75f05da715627d1d4c5cb2cd733f786371bf271e5ee94f88557de65d
SSDEEP: 3072:M9xApN8qo8I+HI0C+iUn9wYaA8MqfvJLAiT12Rerybp80C:wTqoQHIbYatRJLAiT3ry3
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: reads the country code configured in the registry, likely a geofence check
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
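The signatures above describe what the sample does on the host. The following is an added example, not part of this report and not code from any sandbox, showing how to hunt for those behaviours and for the extracted IOCs in Sysmon-style event records. Only the SHA256 and the two C2 domains come from the report; the event stream, the dropped file name dropped_svc.exe, the service name and the process paths are constructed for illustration and are assumptions, not observations from the sample. The service rule deliberately correlates a registry ImagePath write with an earlier file creation under System32, so that ordinary service registrations do not fire.

```python
"""Hunt for the behaviours and IOCs in this report over Sysmon-style events.

Added example. The SHA256 and C2 domains are the ones reported above; the
event records below are constructed for illustration (Sysmon field names,
invented process and file names), not real telemetry from the sample.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators taken from the report.
SAMPLE_SHA256 = "7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2"
TOFSEE_C2_DOMAINS = {"vanaheim.cn", "jotunheim.name"}

# Registry value holding a service's binary path (Sysmon EID 13 TargetObject).
SERVICE_IMAGEPATH_RE = re.compile(
    r"^HKLM\\System\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)\\ImagePath$",
    re.IGNORECASE,
)
# Persistent firewall rule store; a write here means a rule was added or changed.
FIREWALL_RULES_PREFIX = (
    "HKLM\\System\\CurrentControlSet\\Services\\SharedAccess\\Parameters"
    "\\FirewallPolicy\\FirewallRules\\"
)
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Finding:
    signature: str  # the report's signature name this event matches
    detail: str
    image: str      # process that produced the event


def parse_hashes(raw: str) -> dict[str, str]:
    """Turn Sysmon's 'MD5=..,SHA256=..' string into a dict (empty if absent)."""
    return dict(p.split("=", 1) for p in raw.split(",") if "=" in p)


def hunt(events: list[dict]) -> list[Finding]:
    """Return one Finding per event that matches a signature from the report.

    Hash, DNS and netsh matches are single-event rules. The service rule is a
    correlation: an ImagePath write (EID 13) is flagged only when the same path
    under System32 was created earlier in the stream by a FileCreate (EID 11).
    """
    findings: list[Finding] = []
    dropped_in_system32: set[str] = set()

    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 1:  # process creation
            sha = parse_hashes(ev.get("Hashes", "")).get("SHA256", "").lower()
            if sha == SAMPLE_SHA256:
                findings.append(Finding("Known sample (SHA256 match)", sha, image))
            cmd = ev.get("CommandLine", "").lower()
            if "netsh" in cmd and "firewall" in cmd:
                findings.append(Finding("Modifies Windows Firewall", cmd, image))
        elif eid == 22:  # DNS query
            qname = ev.get("QueryName", "").lower().rstrip(".")
            if qname in TOFSEE_C2_DOMAINS:
                findings.append(Finding("Tofsee C2 domain lookup", qname, image))
        elif eid == 11:  # file create
            target = ev.get("TargetFilename", "").lower()
            if target.startswith(SYSTEM32):
                dropped_in_system32.add(target)
        elif eid == 13:  # registry value set
            target = ev.get("TargetObject", "")
            details = ev.get("Details", "").strip('"').lower()
            m = SERVICE_IMAGEPATH_RE.match(target)
            if m and details in dropped_in_system32:
                findings.append(Finding("Sets service image path in registry (dropped binary)",
                                        f"{m.group(1)} -> {details}", image))
            elif target.startswith(FIREWALL_RULES_PREFIX):
                findings.append(Finding("Modifies Windows Firewall",
                                        target.rsplit("\\", 1)[-1], image))
    return findings


# Constructed event stream (not real telemetry); service and file names are invented.
SAMPLE = r"C:\Users\victim\Downloads\7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2.exe"
DROPPED = r"C:\Windows\System32\dropped_svc.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "CommandLine": SAMPLE,
     "Hashes": "MD5=5c5387efb7f70cd46012c6f8f4cc0e1a,SHA256=" + SAMPLE_SHA256},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\dropped_svc\ImagePath",
     "Details": DROPPED},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": f'netsh advfirewall firewall add rule name="dropped_svc" dir=in action=allow program="{DROPPED}"'},
    {"EventID": 22, "Image": DROPPED, "QueryName": "vanaheim.cn"},
    # Benign noise: a service registration with no preceding drop, and an ordinary lookup.
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Spooler\ImagePath",
     "Details": r"C:\Windows\System32\spoolsv.exe"},
    {"EventID": 22, "Image": r"C:\Windows\System32\svchost.exe", "QueryName": "www.microsoft.com"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.signature}] {f.detail}  ({f.image})")
```

Run stand-alone it reports four findings: the known hash, the dropped service binary, the netsh firewall change and the C2 lookup, while the Spooler registration and the ordinary DNS query stay silent. Two of the report's signatures are out of reach for this telemetry: Sysmon records registry writes but not reads, so the country-code lookup (Checks computer location settings) leaves no event, and SetThreadContext is not a Sysmon event either; both need EDR or in-process tracing.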
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution, T1547 (1): Registry Run Keys / Startup Folder, T1547.001 (1)
Create or Modify System Process, T1543 (2): Windows Service, T1543.003 (2)