General
Target: 6b439f0e69f6d25fc409ad0a5af97a52028b2ec3ae890694b8862ad56e25cfe5
Size: 197KB
Sample: 220924-tqs7wachfr
MD5: 8b18eb0a88d43a1e8cfdbd6dbcc501ca
SHA1: 5ccbea3b2e766f3eddb1f8c71c0d38d4fff8c077
SHA256: 6b439f0e69f6d25fc409ad0a5af97a52028b2ec3ae890694b8862ad56e25cfe5
SHA512: 5a54450e896fc8d7a08b68bee8110cc3312bf59a83a122a4f02e295309de9f94afa2d83bfa318c34c02165e204aadb9be8fbe48a1cd30449de04fb2fa3e13507
SSDEEP: 3072:T6sF6LCp8psrA5wWcLJ40nhd2zOSh19xeB3W8R0nRAZR/Pkk4x:GLdpzcHnRSf8WlnRc

Static task: static1

Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext