General
-
Target
04a4ae292035cdb08ed939c6d104477a71f19396bb413d8258e618bfe19e1018
-
Size
196KB
-
Sample
220924-wcpnmsbfh4
-
MD5
10ca914ac3dffb4ea2fea05db291a14e
-
SHA1
5aeaf990cd8c88d38a14677797261ac950d174cb
-
SHA256
04a4ae292035cdb08ed939c6d104477a71f19396bb413d8258e618bfe19e1018
-
SHA512
72fc17e3bbad99bdf05df0bd3e1f59a99de9c1ade75042f1e19af66e1d55b195e040f4473c74c549bc400f7cc70078ff00c132466cf677209657bfdf2d690827
-
SSDEEP
3072:njZ0ppLMOIV1A5jzi+wV5ilKPInP3dkCEBKd8uy/Pkk4x:jiLoVF+MyKIP3dnCu
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
XMRig Miner payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-