General
Target: b465169b4bf6f1e081701bca58058a60401acf2915b1b286fdaaa81cc77ada7c
Size: 199KB
Sample: 220604-ta325sdgc5
MD5: 14987e8df1d6ff97c7b973bb38a71109
SHA1: cace96f68af77c85624f9d193636cf3a748134d5
SHA256: b465169b4bf6f1e081701bca58058a60401acf2915b1b286fdaaa81cc77ada7c
SHA512: 58fa2a35d41c34be6d61af4318206c8217c9ed3fcbdd02bddcace39688285d96cb1408abffc32ac18c6c866701d05da0dc88c2610811d6b3cea408aa3c08f021
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext