General

Target: file
Size: 278KB
Sample: 231121-mz3z4sdh37
MD5: 8ade7222dfa2cf56b4f469e4a346cb5c
SHA1: 1803834fb17b2a2f579491054d64b61ff6f921d1
SHA256: b1ae2a5d3d178736bfccf1226d311505a0e704ab81854aa606947f2c36f793b2
SHA512: f7fd4c277b443ffeda8536fe29c69f300ea3958cad0b6cf8cd3f238924121cdbdffad8d4bfbdd0619a45b86001734f6e3238cec1149715d873d7c3ebb5a0f0ed
SSDEEP: 3072:5cA+vjwiKuPGViDPvY+nv/Uli06Ny47RTZO1iA9d3QyarHU/5LcbzD:M7wIPsice/Uli06Nn/YWwM

Static task: static1

Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20231025-en

Malware Config

Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets

Target: file
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2): Windows Service (2)