General
Target: 3c75d33a1ff03643f809e83d374e7fcad2fb35e7f92fe1d7b1a48787fcc6c29d
Size: 146KB
Sample: 221129-wclxraec9t
MD5: 0310f2c1c5f82d3eefa5a49edb9debc3
SHA1: c5bb5b5c1b1ffbb5656b8839e3c88a8fdba2b1b7
SHA256: 3c75d33a1ff03643f809e83d374e7fcad2fb35e7f92fe1d7b1a48787fcc6c29d
SHA512: edf03f6ffd056c4892889d46c3311fb3cfa688697000e57e723c33e383543cdfbb1e801989d95db3c68575d9059aee6a14c0c5837389b9dfa23863d282cd14bc
SSDEEP: 3072:xbDRuVOoqhN6y5aqJXkqsDmQrzDBgc72AL99jmlOI62FQ:jugHhN8qx6mNu9sv62K
Static task: static1
Malware Config (extracted): tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext