General
Target: 154f6db507fa03a3a87f473ef9620f8a4d22c8ee98d9edc93b987a7ce6ee6703
Size: 201KB
Sample: 220925-pa86yafgfr
MD5: 903eb6c1cbe9a936bf183e41fdb8039c
SHA1: 9cea4544e5966b21062b83fc7d222ecc4c422e40
SHA256: 154f6db507fa03a3a87f473ef9620f8a4d22c8ee98d9edc93b987a7ce6ee6703
SHA512: 3594a214f788236c983d6078ddcd5e1d9b4952a7bf80f9e9e44b55261951094b79ecfd7aaddca7afad5b961189e8f155e1145e0d62fe5ef9f6649d09a6338edc
SSDEEP: 3072:yC82X+bfj5imGY531GAX4GcJsM4/cwRmzP5B8KfLZ/PkxXx:GoxIUG9DRyP4
Static task
static1
Malware Config
Extracted family: tofsee
C2 hosts: svartalfheim.top, jotunheim.name
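The file hashes and the two extracted Tofsee C2 hosts above are the indicators an analyst would actually pivot on. The script below is an added example, not part of the sandbox report: it verifies a local file against all four digests listed in the report (rather than trusting a single hash), and matches DNS query logs against the C2 domains with proper apex-or-subdomain matching so that a name such as notsvartalfheim.top does not produce a false hit. The DNS log lines are constructed for illustration, and a BIND-style "query:" log format is assumed; the hash_file, matches_report and find_c2_lookups helpers are this example's own names.

```python
"""Check a file and DNS query logs against the indicators from this report.

Added example, not part of the sandbox report. The hashes and domains are
the ones listed on the page; the DNS log lines below are constructed.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Indicators copied from the report (General / Malware Config sections).
REPORT_HASHES: Dict[str, str] = {
    "md5": "903eb6c1cbe9a936bf183e41fdb8039c",
    "sha1": "9cea4544e5966b21062b83fc7d222ecc4c422e40",
    "sha256": "154f6db507fa03a3a87f473ef9620f8a4d22c8ee98d9edc93b987a7ce6ee6703",
    "sha512": "3594a214f788236c983d6078ddcd5e1d9b4952a7bf80f9e9e44b55261951094b"
              "79ecfd7aaddca7afad5b961189e8f155e1145e0d62fe5ef9f6649d09a6338edc",
}
TOFSEE_C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> Dict[str, str]:
    """Same digests for a file on disk, streamed so large files are fine."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report, not just one of them."""
    return hash_bytes(data) == REPORT_HASHES


def domain_matches(qname: str, indicators=TOFSEE_C2_DOMAINS) -> Optional[str]:
    """Return the indicator hit by qname: the apex itself or any subdomain.

    'mail.svartalfheim.top' -> 'svartalfheim.top'
    'notsvartalfheim.top'   -> None   (a bare suffix match would be a false positive)
    Trailing dots and case are normalised first.
    """
    q = qname.lower().rstrip(".")
    for ioc in indicators:
        if q == ioc or q.endswith("." + ioc):
            return ioc
    return None


# Constructed DNS query log lines; a BIND-style "query:" line format is assumed.
SAMPLE_DNS_LOG = """\
22-Sep-2022 14:01:03.121 client 10.0.0.21#51234: query: svartalfheim.top IN A + (10.0.0.1)
22-Sep-2022 14:01:05.877 client 10.0.0.21#51240: query: mail.jotunheim.name IN MX + (10.0.0.1)
22-Sep-2022 14:01:07.002 client 10.0.0.33#49152: query: notsvartalfheim.top IN A + (10.0.0.1)
22-Sep-2022 14:01:09.450 client 10.0.0.40#53001: query: www.example.com IN A + (10.0.0.1)
"""

QUERY_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def find_c2_lookups(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (source_ip, queried_name, matched_indicator) for every hit, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        ioc = domain_matches(m["qname"])
        if ioc:
            hits.append((m["src"], m["qname"], ioc))
    return hits


if __name__ == "__main__":
    for src, qname, ioc in find_c2_lookups(SAMPLE_DNS_LOG):
        print(f"{src} queried {qname} (indicator: {ioc})")
```

Only the first two constructed lines should fire: the apex lookup and the subdomain lookup. The third line is the deliberate near-miss that a naive `endswith` check would flag. To check a downloaded file against the report, compare `hash_file(path)` with `REPORT_HASHES`.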
Targets
Target: 154f6db507fa03a3a87f473ef9620f8a4d22c8ee98d9edc93b987a7ce6ee6703 (201KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext (a hallmark of writing a payload into a suspended process and redirecting its thread, i.e. process hollowing)