General
- Target: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.zip
- Size: 164KB
- Sample: 231119-zyhc8scd5z
- MD5: e1f9aba3c21d8bcc79c3164472ed568e
- SHA1: 8c5140c793e49049ea191b9f54768f21d59749ee
- SHA256: 9874bc8b6b78691cd954785c407ca386d5d9cf0b5acb5fb0d903637889734e24
- SHA512: 08ed564dd857aed550bc52b8f0fa1ba26503b6ad792254e29a095424c3cb38fc5ef7727663a386b0035368d0167e1b73cedeec4c36d5b7e03604b99ebde9fec8
- SSDEEP: 3072:Stum6BSGBeab2SX3lxCm0v4/fGBVph/4RBiJxXJzq2AeBuseTs5jBRkRTSd:SABLjQJvqGhh/txXJGVTMjwSd
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.exe
  - Resource: win7-20231023-en

Behavioral task
- behavioral2
  - Sample: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.exe
  - Resource: win10v2004-20231023-en
Malware Config
- Extracted: tofsee
  - vanaheim.cn
  - jotunheim.name
Targets
- Target: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee.exe
- Size: 254KB
- MD5: 02ac11d7691ed7141949fc5c03d5aae8
- SHA1: b122e23b4dfb29d4efedbbe7a72c75d696f8a7ac
- SHA256: 7a4cfb277cc054d761bde28a0f92caa9f142ad61959923a023a0d8248ad1c4ee
- SHA512: c437f0cec3cbe5a62a650cafd0814016864c083a2df5a65000d0411b8249daec0744b7c948039a97848135a263ba183a9cb00876fbc3d22ee1e8322dfda0e55e
- SSDEEP: 3072:M9xGAh803FPqB1HzqotaoQpxVKPk4hjw6EX7eUkpvTRSdnbr4rO/p/4CY/:w/8iYlAxVKMuELrdnbr4yG
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)