General
Target: 84e5c974047a59e9c250aa8e93a28b390267eea51a38a711bc28a229bf5eba96.zip
Size: 160KB
Sample: 231119-z4dbgace4s
MD5: a939994c2c015c1394f62f6279dbef8c
SHA1: c3ce705bd1e0e3dc4cf71075d14639521fc5caa3
SHA256: f24ca0e6736c057f3dae22b47a8da5d46e9a8abc78918d76d892ce4106b38a2b
SHA512: 2437b785f0cc262f2f4a8e837be7d6d1d26914cfdc66d94c2c497196ba1744223cf2e9d88ee6b7e8767550c7eab28b5ebbc831448d6ac82ede4608304506cfb0
SSDEEP: 3072:1dXby5HfqLTAul4H26r2DWn7WkZyChhhkpgPXnYGAIFyDNHjXq9S:1Vy5C/l4W6J3yCDhUDGUb
Note: the archive is named after the SHA256 of the .exe it contains (listed under Targets); the hashes above are those of the .zip itself, so use the Targets hashes when matching the dropped binary.
Static task: static1
Behavioral task: behavioral1 (sample 84e5c974047a59e9c250aa8e93a28b390267eea51a38a711bc28a229bf5eba96.exe, resource win7-20231020-en)
Behavioral task: behavioral2 (sample 84e5c974047a59e9c250aa8e93a28b390267eea51a38a711bc28a229bf5eba96.exe, resource win10v2004-20231023-en)
Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
Target: 84e5c974047a59e9c250aa8e93a28b390267eea51a38a711bc28a229bf5eba96.exe
Size: 247KB
MD5: 17f7e745dbc9477f5edbb4a02df91b06
SHA1: 896216645904844e1c012a4ce76234d0c6795f97
SHA256: 84e5c974047a59e9c250aa8e93a28b390267eea51a38a711bc28a229bf5eba96
SHA512: b36ee1060d897d5b19e0e779ca48f9a7a336bcce2700c9c6c6eb549dfd9a49174262d39655079e0704a44749e280aefcb9813da4b7ce354b2105b74f374c2e9b
SSDEEP: 6144:h/1BvthPXgbdbpePeXYD4JFKtFF9duXI5:J1FLfOBsee44F9duXI
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 2
  - Windows Service (T1543.003): 2
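The following detection example is added here; it is not the sandbox's own output nor code from any project. It turns the report's signatures and extracted configuration into correlation rules and runs them over constructed endpoint telemetry: a service created whose image path points at a file just dropped into System32 (Creates new service(s), Sets service image path in registry, Drops file in System32 directory), a Windows Firewall change, self-deletion of the original binary, and DNS lookups for the two domains listed under the extracted Tofsee configuration, which the example treats as network indicators. The log format, the file and service names in the sample lines, and the assumptions that the firewall is changed through netsh.exe and that self-deletion goes through cmd.exe /c del are all constructs of the example, not findings of this report.

```python
"""Correlate the behaviours from the Tofsee report against endpoint telemetry.

Added example: the log format and all sample events below are constructed;
only the two domains come from the report's extracted configuration.
"""
import re

# From the report's extracted Tofsee configuration (treated here as C2 indicators).
TOFSEE_DOMAINS = {"vanaheim.cn", "jotunheim.name"}

SYSTEM32 = "c:\\windows\\system32\\"

# Assumed self-delete pattern: cmd.exe /c del "<path to the parent's own image>"
DEL_RE = re.compile(r'\bdel\b\s+"?([a-z]:\\[^"]+?\.exe)"?')

# Constructed telemetry, one event per line: kind|key=value|key=value ...
# (sample.exe stands in for the report's SHA256-named binary; svchelper is an
# invented name for the dropped service binary).
SAMPLE_EVENTS = [
    'process|Image=C:\\Users\\user\\Desktop\\sample.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine="C:\\Users\\user\\Desktop\\sample.exe"',
    'file|Path=C:\\Windows\\System32\\svchelper.exe|Image=C:\\Users\\user\\Desktop\\sample.exe',
    'service|ServiceName=svchelper|ImagePath="C:\\Windows\\System32\\svchelper.exe"',
    'process|Image=C:\\Windows\\System32\\netsh.exe|ParentImage=C:\\Users\\user\\Desktop\\sample.exe|CommandLine=netsh advfirewall firewall add rule name="svchelper" dir=in action=allow program="C:\\Windows\\System32\\svchelper.exe"',
    'process|Image=C:\\Windows\\System32\\cmd.exe|ParentImage=C:\\Users\\user\\Desktop\\sample.exe|CommandLine=cmd.exe /c del "C:\\Users\\user\\Desktop\\sample.exe"',
    'dns|QueryName=vanaheim.cn|Image=C:\\Windows\\System32\\svchelper.exe',
    'dns|QueryName=www.microsoft.com|Image=C:\\Windows\\System32\\svchost.exe',  # benign
    'service|ServiceName=WinDefend|ImagePath="C:\\Program Files\\Windows Defender\\MsMpEng.exe"',  # benign
]


def parse(line):
    """Split 'kind|key=value|...' into a dict; values may contain spaces and quotes."""
    kind, *fields = line.split("|")
    event = {"kind": kind}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def in_system32(path):
    return path.lower().startswith(SYSTEM32)


def detect(lines):
    """Return (rule_name, detail) tuples in event order."""
    events = [parse(line) for line in lines]

    # First pass: every file dropped under System32 (needed to judge later services).
    dropped = {e["Path"].lower() for e in events
               if e["kind"] == "file" and in_system32(e["Path"])}

    hits = []
    for e in events:
        if e["kind"] == "service":
            image = e["ImagePath"].lower().strip('"')
            # A service is only flagged when its image is a freshly dropped
            # System32 file; legitimate services living in System32 are not.
            if in_system32(image) and image in dropped:
                hits.append(("service_from_dropped_system32_file", e["ServiceName"]))
        elif e["kind"] == "process":
            image = e["Image"].lower()
            cmdline = e["CommandLine"].lower()
            parent = e.get("ParentImage", "").lower()
            if image.endswith("\\netsh.exe") and "firewall" in cmdline \
                    and re.search(r"\b(add|set|delete)\b", cmdline):
                hits.append(("firewall_modified_via_netsh", e["CommandLine"]))
            m = DEL_RE.search(cmdline)
            if image.endswith("\\cmd.exe") and m and m.group(1) == parent:
                hits.append(("self_delete_via_cmd", e["ParentImage"]))
        elif e["kind"] == "dns":
            name = e["QueryName"].lower().rstrip(".")
            if any(name == d or name.endswith("." + d) for d in TOFSEE_DOMAINS):
                hits.append(("tofsee_c2_domain_lookup", name))
    return hits


if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

The service rule deliberately requires both a System32 image path and a preceding file drop there, which is what separates this sample's persistence from the many legitimate services whose binaries also live in System32; on a real host the file-drop side would come from Sysmon Event ID 11 and the service side from System Event ID 7045 or the Services registry key named in the report's "Sets service image path in registry" signature.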