General
- Target: 4210bc2cdf01649f08a21d8a6d253ecc01edd2c8523fd34432ddfe7ff9142c36
- Size: 201KB
- Sample: 220925-jscb2afbdm
- MD5: 037b1502d216d2cbf56efc75e4fbfd1f
- SHA1: e5fc8fc23c871ac57f7dc990a140065989c1fc3f
- SHA256: 4210bc2cdf01649f08a21d8a6d253ecc01edd2c8523fd34432ddfe7ff9142c36
- SHA512: 6caa2dffd75a52c4a91aebf0ec1a8b7225c6aa00c46bd1a6c98e8a299c10f6ae09f7be3fbb1e3a44fd62dcb566fb0700a3b7501d8707fa4f1c4c69be52ac84dc
- SSDEEP: 3072:r1447dLgdxx0N5e5v4pdG13wD5gzMQQjSZo1Bin2m/PkIXx:nLSxb6Lm8SCq

Static task
- static1

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext