General
- Target: 3220bd6063d386c5e51b1f13aad50c6d0ac54c52f45911a30b133195ac85d1f6
- Size: 257KB
- Sample: 231121-ffqgcada3w
- MD5: 815a6bc73b581777945c004fbb0df6a8
- SHA1: 281cd70aaa223b57e91d652e03eeeeb1682e5312
- SHA256: 3220bd6063d386c5e51b1f13aad50c6d0ac54c52f45911a30b133195ac85d1f6
- SHA512: f28e1db3a2eda5b77e531ddbe6c8c15a8c93b6546eddc5206bca7183bbfa3cf4bf0458dfbc6d4af18d8bc7ad2e4093d3360cc071abbb7653c8b55e885dbebefd
- SSDEEP: 3072:zPLwx2C81Tcw2igVdotgCle3Q8dtUqo73NIktGyqPYRB2P7ovb9P4:rU8dX2igqhp8bE73nIfk2jM
Static task
- static1
Behavioral task
- behavioral1
- Sample: 3220bd6063d386c5e51b1f13aad50c6d0ac54c52f45911a30b133195ac85d1f6.exe
- Resource: win7-20231020-en
Malware Config
- Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: 3220bd6063d386c5e51b1f13aad50c6d0ac54c52f45911a30b133195ac85d1f6
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)