General
Target: ca4721df45236360da495bce3dc4a6a62026d726317d818ca27b46afb7e78073
Size: 146KB
Sample: 221129-s9baqsch66
MD5: 5fd4f206b089ec85c7a97b216dd5a580
SHA1: 9185ca0ed0d1f2dd5d4d06db755c1a23fbb997ff
SHA256: ca4721df45236360da495bce3dc4a6a62026d726317d818ca27b46afb7e78073
SHA512: 837d002f1bed6014c67b315b59be9a124b325e1186e26d4a82dd9491464bf8e4344f945d7d3f643b935881f521b4bfc968465f9b6d020199b291d7798d8be0c7
SSDEEP: 3072:MrCuFQHNZN558EgRN7DDzsil7Y/4CRuE+:olqHNrPy9DDDlM3Ru

Static task: static1

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name

Targets
Target: ca4721df45236360da495bce3dc4a6a62026d726317d818ca27b46afb7e78073 (146KB)
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext