General
- Target: b15b287c4428437f0e888db066a13543594266d3eea722499e0e5a52eefd5552
- Size: 308KB
- Sample: 220603-wcxn9aggan
- MD5: 5cee6f3f4af41d3bf133f12180fcf7c4
- SHA1: 5d07a9deaa9c0d7bba8c66858ac06a7898196e7c
- SHA256: b15b287c4428437f0e888db066a13543594266d3eea722499e0e5a52eefd5552
- SHA512: 40348111c41c1003fbb9e0da84c20daa5b366712aea9fce8a96720d1796bdd0aabb8128df092bb9d2807888afbe336f8945dbf126f36cb8eeb53cfb43e344c11
Static task: static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
- Target: b15b287c4428437f0e888db066a13543594266d3eea722499e0e5a52eefd5552
- Size: 308KB
- MD5: 5cee6f3f4af41d3bf133f12180fcf7c4
- SHA1: 5d07a9deaa9c0d7bba8c66858ac06a7898196e7c
- SHA256: b15b287c4428437f0e888db066a13543594266d3eea722499e0e5a52eefd5552
- SHA512: 40348111c41c1003fbb9e0da84c20daa5b366712aea9fce8a96720d1796bdd0aabb8128df092bb9d2807888afbe336f8945dbf126f36cb8eeb53cfb43e344c11
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext