General
- Target: 21c38ebbea03aa2ddce570a40ebcbf10217b80b9dde4924ce7119fb13d260edb.zip
- Size: 177KB
- Sample: 231119-zj6ghscc6v
- MD5: 52957212ff776243bdc5dae07e9e96b0
- SHA1: b50819efa88c78afc6e47543a4a6760dc2d4766f
- SHA256: c80549857b8ac1da07cce436c800c5ed276c9d2e06052bee96c4857b36be3dc1
- SHA512: 9620887b25e9819f96789b70e0d829ddbb87325ad1e876a218d69095f4adf2bee667a6b70832be1e30d6f4153d0a8294b9a845897764011bdb33ac62c9715cdf
- SSDEEP: 3072:BdLdFXZMtNa/iA0w6vdac5rdDLGCMI6hNtdrcbm3RhGAvqmmb9Co:BpytNHc0daIVZMp9tcbmhhGAR09b
Static task: static1
Behavioral task: behavioral1
- Sample: 21c38ebbea03aa2ddce570a40ebcbf10217b80b9dde4924ce7119fb13d260edb.exe
- Resource: win7-20231025-en
Behavioral task: behavioral2
- Sample: 21c38ebbea03aa2ddce570a40ebcbf10217b80b9dde4924ce7119fb13d260edb.exe
- Resource: win10v2004-20231020-en
Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: 21c38ebbea03aa2ddce570a40ebcbf10217b80b9dde4924ce7119fb13d260edb.exe
- Size: 329KB
- MD5: c5acf32a68fc55104b5dafc61245bab4
- SHA1: 8a1d49efbb20a987cd87d227c4c4016a36c76afb
- SHA256: 21c38ebbea03aa2ddce570a40ebcbf10217b80b9dde4924ce7119fb13d260edb
- SHA512: 8bc262803139c0420b71ffea63e772124446349d913bb194646c22f0d4dca0cd04d3a3108032c2f31618f482e86fbfa0aa4de63d7c53fcd03dcc438763970808
- SSDEEP: 3072:y9xdm7sMhs6Y28qryW6A4bdZc4nJcJW+XkmwVWf4rEVjSHwZROr4bpLkC:yIths6Y28ehy5nJcU6QrEVjWlr4a
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)