General
- Target: 0ec703a207047d728675d8dbec1e8113f82b768145506d0548c03319a94399dd
- Size: 196KB
- Sample: 220604-emdkpahec2
- MD5: e082b6086c5e209d9f875971bd2a3ba9
- SHA1: 3bfdfac3b28b83686ae95cdb7d69fb72c8ea8b11
- SHA256: 0ec703a207047d728675d8dbec1e8113f82b768145506d0548c03319a94399dd
- SHA512: 9ee57cc10f54137708c112cdd682f0c98ed67cb618aad47ddb2bfc3f5107558c55d57ca3f30bea02f47248b853b71d774bf3834614c1054991bc9be3a2ff762d
Static task: static1

Malware Config
- Extracted family: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 0ec703a207047d728675d8dbec1e8113f82b768145506d0548c03319a94399dd (same sample as listed under General above)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext