General
Target: 37c2e6a8876e1bf0eeddbd1ca2344b42c071d3fc0a1b9e398f4aa84e6ea20c31
Size: 196KB
Sample: 220924-srkfpabed2
MD5: d5430b824868e86355e8a08ed690925c
SHA1: 2800001ad2ca47ac878bf6c0e24fdd6a310128e6
SHA256: 37c2e6a8876e1bf0eeddbd1ca2344b42c071d3fc0a1b9e398f4aa84e6ea20c31
SHA512: b91b2a53bff5992b4ae17bca6228d6bef639b15ce392aea1390dffa355f47150aed6f8d5098171a70e01e726afb195be0c93b3fe28d4aec322f531a1488fc6ff
SSDEEP: 3072:w+RdLkOzcNb5FUZpBfpRWOIL796Nrt4XdS0fBxAn/ys/Pkk4x:bLLc5apDRWOO96iuq
Static task: static1
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext