General
- Target: 0ef96177554f1cd2eea823b6dc0c3dc54aec830827a2e82f59aed9fe7b896ba5
- Size: 201KB
- Sample: 220925-fy9b6sddd7
- MD5: f5a2b47d112ad48b217f27a0ffc4014e
- SHA1: be36dbcfced8ae41257aa9f01598ddf232ece6fe
- SHA256: 0ef96177554f1cd2eea823b6dc0c3dc54aec830827a2e82f59aed9fe7b896ba5
- SHA512: ba59b8939e00fad5ff72780952571d86820c18fc2b891e4d8367dfc2d61b24c57eaec46a8eb236c79a3728d6fad902c6a13497015407977f33f8a3e07aa75458
- SSDEEP: 3072:kGDc4L5uExDN5+AXZMj1Uc+ub/PbvB4AqdBc619NOL/PkIXx:PL7xtktbnbJ45
Static task
- static1
Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- Target: 0ef96177554f1cd2eea823b6dc0c3dc54aec830827a2e82f59aed9fe7b896ba5
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext