General
- Target: 35da7aab0d190d5aeb04eaaa179c1cbd2302004c7671d6c71bc078a3df97d652.zip
- Size: 158KB
- Sample: 231119-zj6ghscc6w
- MD5: a8a873d77971ef9485c4ee990d955f2a
- SHA1: 82055a3a7fe957d51271304405665a47b6f08af9
- SHA256: 81985822ad006b10f00e948e1aab8bc3082397353ce39059f5dd01bc08dbb157
- SHA512: 3d06a35dcd87ce100151f67e9e28749811db66ff5ee0efb88823cf7e0710cdcaf8aa51c9db1aac2f578c44a59a8ea3d01b7d1250fde58345bf4f9e6a053ef56f
- SSDEEP: 3072:blNPLVg4IPhn4Vx+aJ/4ihf01OGnjKmbWR+tYfn5WqV2RPs1vh8:bTZNJo8gi6NnjBWRkY/5KsQ
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 35da7aab0d190d5aeb04eaaa179c1cbd2302004c7671d6c71bc078a3df97d652.exe
  - Resource: win7-20231020-en

Behavioral task
- behavioral2
  - Sample: 35da7aab0d190d5aeb04eaaa179c1cbd2302004c7671d6c71bc078a3df97d652.exe
  - Resource: win10v2004-20231020-en
Malware Config
- Extracted: tofsee
  - vanaheim.cn
  - jotunheim.name
Targets
- Target: 35da7aab0d190d5aeb04eaaa179c1cbd2302004c7671d6c71bc078a3df97d652.exe
- Size: 274KB
- MD5: 59e1227450eb946f0eb83fad2f72b1f5
- SHA1: b78400bfe2fb0dbe892b1dff5220a7de2c43dfc6
- SHA256: 35da7aab0d190d5aeb04eaaa179c1cbd2302004c7671d6c71bc078a3df97d652
- SHA512: 19fd57f8a026cd2cc64f4d8ac99538b9d90f9a33a3d70c2061131ea5094a53fa0c4bf23a6adaf51d06bdd799236860311cb4f67e7503ac43259461aedfeda1c2
- SSDEEP: 3072:QlnO9lcF4LS5ZUsBHS9R071uEcR647ovb3Trh6e:UnXKL+By9R0ooMMrT
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (2)
    - Windows Service (2)