General
Target: 42e8f16750da2bb974b389821e7df41a3f7b3d9e8881f7272da30d511a808d11
Size: 197KB
Sample: 220925-cxqxnaebgl
MD5: 0215a7ca58751fc5ac07473e97fcaf7c
SHA1: 5279097f5dfe6bc2b783e5dd4b4ae6f12241e515
SHA256: 42e8f16750da2bb974b389821e7df41a3f7b3d9e8881f7272da30d511a808d11
SHA512: 3cb4064d78b7bfbba4bf64719962df13108db401d541a7056e71205e9e92e21277b76ecaac3031728c94b990eb26f1a1d90a924ef56de0339d3feaf165af47ee
SSDEEP: 3072:V2ca8LxJMkx6N5fndieSwBYxXy2NWFSVQHQBR/AJc/PkkXx:tLx1xsdiyYo2NWP6A
Static task: static1

Malware Config (extracted)
Family: tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 42e8f16750da2bb974b389821e7df41a3f7b3d9e8881f7272da30d511a808d11
Size: 197KB
MD5: 0215a7ca58751fc5ac07473e97fcaf7c
SHA1: 5279097f5dfe6bc2b783e5dd4b4ae6f12241e515
SHA256: 42e8f16750da2bb974b389821e7df41a3f7b3d9e8881f7272da30d511a808d11
SHA512: 3cb4064d78b7bfbba4bf64719962df13108db401d541a7056e71205e9e92e21277b76ecaac3031728c94b990eb26f1a1d90a924ef56de0339d3feaf165af47ee
SSDEEP: 3072:V2ca8LxJMkx6N5fndieSwBYxXy2NWFSVQHQBR/AJc/PkkXx:tLx1xsdiyYo2NWP6A

Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext