General
Target: 84bf9710ace35a4f7fc67ff7044d8e61fb4480a0fa62a18daf88aab07c8a2a01
Size: 201KB
Sample: 220925-qy8qraeha5
MD5: 94037e7fd7ef37630fa53fd3956db179
SHA1: 16f413cb27c128758fd2dbbf134e60007101220f
SHA256: 84bf9710ace35a4f7fc67ff7044d8e61fb4480a0fa62a18daf88aab07c8a2a01
SHA512: 5a1bcadbc041c5e2c5b565b7745256ea6a6d3909d1f843e69d7c1e54f24f0dc9c828ea565256abb04c237b08e9226cd2b594eba65b978578e4bf052ee0d5a237
SSDEEP: 3072:d8mVwTFMQj5EtoHNNON1+h7ap7AqT7BjBZgeL6/PkzXx:G2rtoIM7a7AqNBZ

Static task: static1

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: 84bf9710ace35a4f7fc67ff7044d8e61fb4480a0fa62a18daf88aab07c8a2a01
Size: 201KB
Signatures:
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext