General
- Target: 3cc581151b1b4d4b6a61a806a465b1382a6aa47d4534444c1baeeb9e83c487e6
- Size: 310KB
- Sample: 220605-mn8ffshhe2
- MD5: a45e220e667e0d0e85b476f6e5835086
- SHA1: 1a48b13932940ec999cbd46ff74406bc9931806c
- SHA256: 3cc581151b1b4d4b6a61a806a465b1382a6aa47d4534444c1baeeb9e83c487e6
- SHA512: 852487ba3bf35ef128e7ce61d7ecde726eacf4cab2ee9c45632afe22662ff8fe713d243c73b07ffb0ae2c416218c9c8e548dba3214de9ad169265bbd925604ef
Static task
- static1

Malware Config
Extracted
- tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 3cc581151b1b4d4b6a61a806a465b1382a6aa47d4534444c1baeeb9e83c487e6
- Size: 310KB
- MD5: a45e220e667e0d0e85b476f6e5835086
- SHA1: 1a48b13932940ec999cbd46ff74406bc9931806c
- SHA256: 3cc581151b1b4d4b6a61a806a465b1382a6aa47d4534444c1baeeb9e83c487e6
- SHA512: 852487ba3bf35ef128e7ce61d7ecde726eacf4cab2ee9c45632afe22662ff8fe713d243c73b07ffb0ae2c416218c9c8e548dba3214de9ad169265bbd925604ef

- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext