General
Target: ea77b67970509fb08748f22a080d3c7ce82ecf8e19e4bfa6c4bf04cdc2576e5c
Size: 200KB
Sample: 220604-trbzzsagbp
MD5: 0a16f5fe48660f453da4d32664390477
SHA1: d2712dcd12ecb90d1fc89bc00c90a9675e5a7e6b
SHA256: ea77b67970509fb08748f22a080d3c7ce82ecf8e19e4bfa6c4bf04cdc2576e5c
SHA512: 603bc1056b9d9492d76aeb9f3247d81d399885d9bdf3c02b73f168eb4dea293baf0baa3cd6d40f76d45fded14fe7ce8c6b1fe0035fad759d22ef90de7f138efa

Static task: static1

Malware Config
Extracted family: tofsee
Extracted domains:
- svartalfheim.top
- jotunheim.name
Targets
Target: ea77b67970509fb08748f22a080d3c7ce82ecf8e19e4bfa6c4bf04cdc2576e5c (200KB; same file as under General, with identical MD5, SHA1, SHA256 and SHA512)

Detected behaviors for this target:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext