General
Target: f29f8f753d8a8207be7e4177fa84d7f4f26373a31d42217b6797112caae396b3
Size: 191KB
Sample: 221202-ap7jbsfa44
MD5: dcf33cd63e312a454f63a432f6b4ef8f
SHA1: f591c66127decb2783334ee8850692df9d7e18e5
SHA256: f29f8f753d8a8207be7e4177fa84d7f4f26373a31d42217b6797112caae396b3
SHA512: b05b66a840301cad1aa9bd9f73b8f62ad13aa2d32dbba8a9ac1515a836f294f434c9426ab79bc681192503c8c54c6f196920db9d4bbe6d7a7d138f368a89a9f7
SSDEEP: 3072:jBl1l4ghxXI5ONlNwjzZaUkODD8hlGEUqCtWPQr3Rs9E3AZxpR/SlKG:RhxBzNwjzZfZ0XPQravpR
Static task: static1
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
Target: f29f8f753d8a8207be7e4177fa84d7f4f26373a31d42217b6797112caae396b3 (same file and hashes as listed under General above)
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext