General
- Target: 684b3559cee2ce8907739d016f2da360e91b753462c054f3be64e874581b5e7b
- Size: 192KB
- Sample: 221201-w73traca2y
- MD5: c2d7638f1b0fba63a9f60d51c8d68e79
- SHA1: 2cd829b2d2c25f29ca6b3b520784b029355edcef
- SHA256: 684b3559cee2ce8907739d016f2da360e91b753462c054f3be64e874581b5e7b
- SHA512: 061ed2266a39cb0df01940e0cab2646db7edd4904d5589b7747772148c734e18078de4ad6c2cb50046a99f863ada8ca43e295f11879b70d1f16785eac5d0b5d8
- SSDEEP: 3072:k2kfHntlFLOB15qE8qOjEpydJLpn22+gcwjDAbEa3Qy/:+lFLOBw1jIYhpeTEaA

Static task
- static1

Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 684b3559cee2ce8907739d016f2da360e91b753462c054f3be64e874581b5e7b (size and hashes identical to the General section above)
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext