General
- Target: f03135f07294b83f13c2afd0730b9aa0c0af66d06eebe96fd57821987af85965
- Size: 184KB
- Sample: 221130-ma4v4seb7s
- MD5: 99ac617cfb5aa5bc8cffb4c749178add
- SHA1: a5a9cb91d2081568fd5c0e4842e6c4e659e2c84a
- SHA256: f03135f07294b83f13c2afd0730b9aa0c0af66d06eebe96fd57821987af85965
- SHA512: 502df93bdea2c97fadf6c5cb4d35788b2e02c8a56c355131a55d62c73c8ed83d95ff7abac8c12311c5b561080d1893fecce201511d9f7c3a9bf163de254180b5
- SSDEEP: 3072:CDbMlfKRw8TiJIK5Ct2VZWA30KwbxttL90s9Jxu:cMX8TilWA30KQtv0s9n
Static task: static1
Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- Target: f03135f07294b83f13c2afd0730b9aa0c0af66d06eebe96fd57821987af85965 (size 184KB; hashes as listed under General)
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext