General
Target: a1c9d7d5091f166d03f93df1d3269a6c69992e6e341b1589cc23d4a7542e13c8
Size: 266KB
Sample: 220605-t6q3fscad6
MD5: 5776bc1023f6b1b5f7d9c5b39eaa43d2
SHA1: 3683e53820c2dc4586bce7ae76ff6ae408854f71
SHA256: a1c9d7d5091f166d03f93df1d3269a6c69992e6e341b1589cc23d4a7542e13c8
SHA512: 61b1d8fee0414e3c1927b5581169a635e311b506254755e9f8bbe6b94e2c05325bebc5288274e90efdc83e963681e080b7b75c49b6078309dcad68941cc8b280
Static task: static1
Behavioral task: behavioral1
Sample: a1c9d7d5091f166d03f93df1d3269a6c69992e6e341b1589cc23d4a7542e13c8.exe
Resource: win10-20220414-en
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Accesses Microsoft Outlook profiles
- Drops file in System32 directory
- Suspicious use of SetThreadContext