General
Target: 57dd3e0f5422b1a894b0b9de7ffcba951b37c82966866363fab31050ce89ddc2
Size: 146KB
Sample: 221129-2wqmyafa96
MD5: 060da2e646a7e13deb80cea961165c1d
SHA1: 65689391b1898adc630e4c88e2bca939118592fd
SHA256: 57dd3e0f5422b1a894b0b9de7ffcba951b37c82966866363fab31050ce89ddc2
SHA512: 113af8be30e663fcd2ac89a6984e81969b83d295a8b9536845ad1dc6ffcb79f1f8c15f49e6ee48a2b55218d9c628e28fc676952c4c84e4abfba0db341391d844
SSDEEP: 3072:rDJP/dU+27P52zUp5A9ORQR6uUu7qTTFjycsDFvY4PjBi:5Hda52f4RQAuU9Tdcjg
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
XMRig Miner payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext