General
- Target: 871d8f305ea128a0abbcf62fc354539a598f0c0666c13e6146e518d7dc28a413
- Size: 146KB
- Sample: 221129-mgy87sdd9z
- MD5: 53ce564d92dd79f3ed0c58a02f5839df
- SHA1: 981a773279d1b7ebd6b25428ed346c76293b9cdf
- SHA256: 871d8f305ea128a0abbcf62fc354539a598f0c0666c13e6146e518d7dc28a413
- SHA512: 11bda203d2c965bc294b2c4ee22ef9a0e1ad2b16309d28ffb4b518a51fd3bb3076daa60f4b3f9ed159aa6333f67145e0c729d87dc4250de853a044cbe592a575
- SSDEEP: 1536:tbBo4eLtUXNlOYV8vzAVLc6/5BgQh2bx5YFFJ0V+sr7NU8gU6oXE5zjRr57n2FXG:tFoePe6/5Lsx58MwAN19dEp1t7n2KhZ
Static task
- static1
Malware Config
Extracted
- tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext