General
- Target: 7d396a366093301230d10080ba771b06193fcfa920e4f8005d2309ad9efa3349
- Size: 202KB
- Sample: 220925-m6v8vaffdq
- MD5: 95d6d6c9d3039e7a8129f7646e620ffd
- SHA1: 4edae4076ff0cfae9c687f9aac43a3b0dc6efcf7
- SHA256: 7d396a366093301230d10080ba771b06193fcfa920e4f8005d2309ad9efa3349
- SHA512: 9167d4fc76b49eeb0ddb42a73c2a0f387180b5611d7e50a3e48dfc6d9fa753f1fca70f1152d212548517e211b7e9367a2adeaed0e6c044dfc1260f370fc873b3
- SSDEEP: 3072:uuWxz7ZAj5Ro67/LzmaRApDHFRreR0OOaXBTT64vBWUjML/PkxXx:QR67/ntARe2za44v4
Static task: static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
- Target: 7d396a366093301230d10080ba771b06193fcfa920e4f8005d2309ad9efa3349
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext