General
- Target: ea3f1761b58df1891e2c8a0550864578194aaf8e6299f920e9aa14ef12a57a8d
- Size: 307KB
- Sample: 220603-2hdq8abebp
- MD5: 22611ea41c1568cb3aeeea5168f432a3
- SHA1: 26c7be59dc71e41a4ed9de09e78ca1fdaadc73c5
- SHA256: ea3f1761b58df1891e2c8a0550864578194aaf8e6299f920e9aa14ef12a57a8d
- SHA512: 5b6cf583961ff03b526bdf5a2116a84b5fd467d121cc3a5c7e69a59a93b0ca419fa5c2c183fa7145598ff1bf2e2fb96a368e7abd2af82952fab5dd482ea7f9c9
Static task: static1
Behavioral task: behavioral1
Sample: ea3f1761b58df1891e2c8a0550864578194aaf8e6299f920e9aa14ef12a57a8d.exe
Resource: win10-20220414-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: ea3f1761b58df1891e2c8a0550864578194aaf8e6299f920e9aa14ef12a57a8d
- suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- XMRig Miner Payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Accesses Microsoft Outlook profiles
- Drops file in System32 directory
- Suspicious use of SetThreadContext