General
- Target: file
- Size: 230KB
- Sample: 231121-gv4sysde5s
- MD5: 885a3c52de19c50151a51f368984d0bb
- SHA1: d4fd0f08aa8fb0046d47e6840c913e98d98057f4
- SHA256: 9ad80064fcaa519e50848c0b954a53400452bf623d6153be47633388542c1559
- SHA512: a1c337ed8277e2fbe9132f04303f6b6d7bcb1582c2d7bef57eac4ec24a625c4b5ba4e39c62e26797e297a84ab859eb91f3dad0d3d1c618b5521b9b43957c767a
- SSDEEP: 3072:NAAAESW3sAbwmtov1bfgMZ0GSuJMRYJtU6pCZmyzPe77a6J7HqsDzg1p:bB31wUov11xz4YJaZNPe7hJ7Ng
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample: file.exe; resource: win7-20231023-en)
- Behavioral task: behavioral2 (sample: file.exe; resource: win10v2004-20231020-en)
Malware Config
- Extracted family: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: file (230KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)