General
Target: 20af9e1c402a9dc6ccc0fa68abfdd7f44b17824c9df1c03a83b55d97019a3a67
Size: 196KB
Sample: 220924-xm7gwadbbq
MD5: f2ba75620016d62bb48c60d1819e0f80
SHA1: 5b061ef59038833062447a1a687a2eb12e3342c3
SHA256: 20af9e1c402a9dc6ccc0fa68abfdd7f44b17824c9df1c03a83b55d97019a3a67
SHA512: c0b0179ffe6c51025c237c57a85f3b1d3510ab90265c6a75bd5fda07e1b8b2cbfdbb93e5567ff4aab32909600506906f96146a73ae673716d1cfb76d4c2f4dcf
SSDEEP: 3072:3T5soSXLLfgM9JA5JXWVcxRiUuaAleeCdkjJIB0TK7btBymxKz/PkkXx:D0LL39gpxRiUfAlz3JN+v
Static task: static1

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name

Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext