General
Target: e0e082a3dba1ed790a2a71768e7076032a7452eaafc9f9fe34db0c29cba540c0
Size: 199KB
Sample: 220604-x16shaceg2
MD5: b50f0dc5c7ee3c652ee02fa51d54ad12
SHA1: d2135df15e6c553eddc26c7597caa49954118f32
SHA256: e0e082a3dba1ed790a2a71768e7076032a7452eaafc9f9fe34db0c29cba540c0
SHA512: edd3a48bea40eddc65d107ca09252ffae6023600359965ad3ee79f00a18dcff88acc19ac40be8fb1c6f5974df15a6110543c7fca9ed425ad9ec37c0348390f8c
Static task: static1
Malware Config
Extracted: tofsee
Domains: svartalfheim.top, jotunheim.name
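The indicators above (four file digests and the two extracted domains), turned into a small matcher for local files and resolver/proxy log lines. This is an added example for this page, not tooling from the sandbox or the Tofsee analysis; the hash and domain values are copied from the report, while the log lines and the byte strings hashed in the code are constructed for the demonstration.

```python
"""Match the indicators in this report (file hashes and extracted domains)
against local files and DNS/proxy log lines.

Added example for this page; hash and domain values are copied from the
report above, while the log lines and the byte strings hashed below are
constructed for the demonstration and are not from the sandbox run."""
import hashlib
import io
import re

# Indicators from the report.
IOC_HASHES = {
    "md5": "b50f0dc5c7ee3c652ee02fa51d54ad12",
    "sha1": "d2135df15e6c553eddc26c7597caa49954118f32",
    "sha256": "e0e082a3dba1ed790a2a71768e7076032a7452eaafc9f9fe34db0c29cba540c0",
    "sha512": "edd3a48bea40eddc65d107ca09252ffae6023600359965ad3ee79f00a18dcff88acc19ac40be8fb1c6f5974df15a6110543c7fca9ed425ad9ec37c0348390f8c",
}
IOC_DOMAINS = {"svartalfheim.top", "jotunheim.name"}


def hash_stream(stream, chunk_size=1 << 20):
    """Compute all four digests in a single pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def matching_algorithms(digests):
    """Names of the digests in `digests` that equal the report's sample."""
    return sorted(name for name, value in digests.items()
                  if value == IOC_HASHES.get(name))


# Hostname-looking tokens: letters/digits/hyphens/dots ending in an alphabetic TLD.
_HOST_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def domain_is_ioc(host):
    """True for an indicator domain or any subdomain of it; case-insensitive,
    tolerant of a trailing dot, and not fooled by look-alikes such as
    notjotunheim.name (which a substring search would flag)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


def scan_log(lines):
    """Return (line_number, host) for every IOC domain found in the lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in _HOST_RE.findall(line):
            if domain_is_ioc(host):
                hits.append((n, host.lower().rstrip(".")))
    return hits


# Constructed resolver log lines (not sandbox output).
SAMPLE_LOG = [
    "2022-06-04T12:00:01Z client=10.0.0.5 query=A name=svartalfheim.top",
    "2022-06-04T12:00:02Z client=10.0.0.5 query=A name=mail.jotunheim.name.",
    "2022-06-04T12:00:03Z client=10.0.0.7 query=A name=example.com",
    "2022-06-04T12:00:04Z client=10.0.0.9 query=A name=notjotunheim.name",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, matching_algorithms(hash_file(path)) or "no match")
    for n, host in scan_log(SAMPLE_LOG):
        print(f"line {n}: {host}")
```

Hash matches identify only this exact file; a repacked build of the same family misses on all four digests, so the extracted domains are the more durable indicator. The domain check accepts the indicator itself or any subdomain of it and rejects look-alike names, which is the behaviour you want before feeding the list to a resolver blocklist.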
Targets
Target: e0e082a3dba1ed790a2a71768e7076032a7452eaafc9f9fe34db0c29cba540c0 (199KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry (the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<service>)
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and other code injection)
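The signature list above describes what the sandbox saw; the same behaviours can be checked for on a live host from endpoint telemetry. The following is an added example for this page, not tooling from the sandbox: it evaluates a stream of Sysmon-style event records (EventID 1 process create, 11 file create, 13 registry value set, 23 file delete, plus System log 7045 for service installation) and labels them with the report's signature names. The event records are constructed, the service and file names in them are hypothetical, and the alert threshold is an assumption. "Suspicious use of SetThreadContext" is an API-level observation with no Sysmon equivalent and is not modelled.

```python
"""Host-level detection derived from the behaviour signatures in this report.

Added example for this page, not tooling from the sandbox.  Events are dicts
with Sysmon-style field names; the records below are constructed, the
service/file names are hypothetical, and the threshold is an assumption."""
import re
from collections import defaultdict

# ImagePath value of any service: HKLM\SYSTEM\<ControlSet>\Services\<name>\ImagePath
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.I)
# Firewall rules written straight to the registry instead of through netsh.
FIREWALL_KEY = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\SharedAccess\\"
    r"Parameters\\FirewallPolicy\\", re.I)
FIREWALL_CMD = re.compile(
    r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b.*\b(add|set|delete)\b"
    r"|\b(New|Set|Remove)-NetFirewallRule\b", re.I)
SYSTEM32_DIR = re.compile(r"^C:\\Windows\\System32\\", re.I)


def analyze(events):
    """Return {signature name: [event index, ...]} for the behaviours seen.

    Signature names are the ones the report uses, so live telemetry can be
    compared with the sandbox verdict directly."""
    hits = defaultdict(list)
    dropped = set()    # files written during the stream (lower-cased paths)
    executed = set()   # images launched during the stream
    for i, ev in enumerate(events):
        eid = ev["EventID"]
        if eid == 11:
            path = ev["TargetFilename"]
            dropped.add(path.lower())
            if SYSTEM32_DIR.match(path):
                hits["Drops file in System32 directory"].append(i)
        elif eid == 1:
            image = ev["Image"]
            if image.lower() in dropped:
                hits["Executes dropped EXE"].append(i)
            executed.add(image.lower())
            if FIREWALL_CMD.search(ev.get("CommandLine", "")):
                hits["Modifies Windows Firewall"].append(i)
        elif eid == 13:
            key = ev["TargetObject"]
            if SERVICE_IMAGEPATH.match(key):
                hits["Sets service image path in registry"].append(i)
            elif FIREWALL_KEY.match(key):
                hits["Modifies Windows Firewall"].append(i)
        elif eid == 7045:
            hits["Creates new service(s)"].append(i)
        elif eid == 23 and ev["TargetFilename"].lower() in executed:
            # A binary that ran earlier in the stream is now being deleted
            # (by itself via a helper such as cmd /c del, or by a child).
            hits["Deletes itself"].append(i)
    return dict(hits)


def verdict(events, min_signatures=3):
    """Alert when several of the report's behaviours co-occur; a lone service
    install or firewall change is routine administration."""
    return len(analyze(events)) >= min_signatures


# Constructed event stream modelled on the report's signature list.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "CommandLine": r"C:\Users\victim\Downloads\invoice.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": r"C:\Windows\System32\qwzmhk.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\qwzmhk\ImagePath",
     "Details": r"C:\Windows\System32\qwzmhk.exe"},
    {"EventID": 7045, "ServiceName": "qwzmhk",
     "ImagePath": r"C:\Windows\System32\qwzmhk.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\qwzmhk.exe",
     "CommandLine": r"C:\Windows\System32\qwzmhk.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="qwzmhk" '
                    r'dir=in action=allow program="C:\Windows\System32\qwzmhk.exe"'},
    {"EventID": 23, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\victim\Downloads\invoice.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for name, idx in analyze(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
    print("alert" if verdict(SAMPLE_EVENTS) else "no alert")
```

The point of correlating within one stream is that "Executes dropped EXE" and "Deletes itself" are only meaningful relative to earlier events (a file created and then launched; a binary launched and then removed), which is why the detector keeps the dropped and executed sets rather than judging each record on its own.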