General
-
Target
f2b4ea5a8678e6b4ff70b238e34a208f4287f113ba6a65c12592a01cf9cf17c1.zip
-
Size
158KB
-
Sample
231119-z4dbgabf63
-
MD5
5a6fd66af9d163e2d1094ae89c21c946
-
SHA1
893e6c8e78714db01c5a740329beb22345cec389
-
SHA256
becf293dd7aa8baad8a9d96312225fd25f597318f259056bf7ba45f46dc3a560
-
SHA512
9b68d666df7e711564e653a9c07fb3a38caf3288c16112bbf3829f6b2a748f801ffbeb993f3c1d07d870ad0370450fb00e1406c591831c71c64ade6835face2b
-
SSDEEP
3072:s6NqstztwLxyDLo8opFKAEq5zqdkAzJaXwNAUIYBXTSjUWNK1ai:x0LxyYzpF7jzqdkAbhIYBXOrU
Static task
static1
Behavioral task
behavioral1
Sample
f2b4ea5a8678e6b4ff70b238e34a208f4287f113ba6a65c12592a01cf9cf17c1.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
f2b4ea5a8678e6b4ff70b238e34a208f4287f113ba6a65c12592a01cf9cf17c1.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
f2b4ea5a8678e6b4ff70b238e34a208f4287f113ba6a65c12592a01cf9cf17c1.exe
-
Size
265KB
-
MD5
695c14c51ae9ff59157cf69f97b2d1cc
-
SHA1
4688eea11efa5c61c7704b5ca80196eb9099e867
-
SHA256
f2b4ea5a8678e6b4ff70b238e34a208f4287f113ba6a65c12592a01cf9cf17c1
-
SHA512
e43e45420544f2fd736f2427443941f1da5b8d4a74d4c9d2e0a95c8306b2f10e12beaa6b0c2ec2715ecbd66b41431f404c942c32720a8b3ee2afa640657d4688
-
SSDEEP
3072:d6LaowspCAE+mYgDxv5l7Iek5Ym7IQoiteVFWbVD22WsgAsR6c7ovb3TQh9:SaWCAF5Cf7Iem57InitGMxycQMrT
-
XMRig Miner payload
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2