General
Target: 857e938e8bef854c67fec66d7fbfc7f19e29b81fe4cd8c1e387a9b34918e2f1d
Size: 201KB
Sample: 220925-hj3xysdfd4
MD5: 2e636c990dc2d04cc549d783da6f462e
SHA1: 9095209d363a69b5f4696d2c1de6435dc9745db5
SHA256: 857e938e8bef854c67fec66d7fbfc7f19e29b81fe4cd8c1e387a9b34918e2f1d
SHA512: 22d1b71371f99da9e6211da17feca7e254cf7295b3cc2ab072c6316881ce736c4f5704013b9c03dec72ef098337bb7d5592d5d5cbfed404f76a9aaf945ce9e49
SSDEEP: 3072:nEwJBL4VPtwN5tYxZm024CDz/+8Wep3AT3JBNqdKS/PkIXx:vLEtsIm02h/LdyTRqg
Static task: static1
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext