General
Target: 8e5b1c4a69ccc6a101810f25ea4d0aef0c087ae693c6febf52b49bee14abcddb
Size: 196KB
Sample: 220924-zl346sdcep
MD5: 27da484783e0473adfd88893597c72d9
SHA1: 1b56b3ba1cc538b0e00f705ed3106c7613470a80
SHA256: 8e5b1c4a69ccc6a101810f25ea4d0aef0c087ae693c6febf52b49bee14abcddb
SHA512: dd1dbe29da761d57cf5a5df661176295b7193d862cfa073f81831854cad68704ee6700653eb790a95ac3052de92339d336481d8c0eaf05401630313a7ef78ae6
SSDEEP: 3072:jO7APMLe13d2M9aA5xVU6A0oS30RKEwoBQdn/PkkXx:6LL4x9VU6A0r4hw7
Static task: static1
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext