General
Target: f1e5e626c6ff6403a0b315099bb70b729b0164a310c2b490f47977c919fccefa
Size: 202KB
Sample: 220925-tv1shsgegn
MD5: a419b3fcc5699b4b593f9d4741b1ffcf
SHA1: 3ecc6be80a561c550791682e166eb68652a9d0b8
SHA256: f1e5e626c6ff6403a0b315099bb70b729b0164a310c2b490f47977c919fccefa
SHA512: b64689fd1242d13f30103dad9ffe2fa8f31ecb85bbcfdeabd675d2645002cd7d1f25e626b1523232307fcf73273753f02e8b888df6d9dfda4d2a40b9af123014
SSDEEP: 3072:bQNaWrh+Ez5LK4eqzvCfp/aFabwUm/IbAAPBSibRg/PkuXx:aZbCfp/amVbHUib
Static task: static1
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: f1e5e626c6ff6403a0b315099bb70b729b0164a310c2b490f47977c919fccefa (hashes, size and SSDEEP as listed under General)
Signatures:
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext