General
Target: c719f453a73d5c68613331107c88d0f00aa7ee7c10566609bfa4e91b26d6f7e9
Size: 265KB
Sample: 220605-w4lq3agfck
MD5: 06d09cd1e888988acc5ec6ad63839bd1
SHA1: 18e214c4ddd7e87d71cd5d8618e236f95e2802cf
SHA256: c719f453a73d5c68613331107c88d0f00aa7ee7c10566609bfa4e91b26d6f7e9
SHA512: cd5507e9acf86fe247405316d93dda96163f30df1b4831c046946da782423f3f89a916c7c787ef3c57e39e5057d196dd72b6a36be87648ec866fb031e470bf66
Static task: static1

Malware Config
Extracted family: tofsee
- svartalfheim.top
- jotunheim.name
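As an added example that is not part of the report, the Python below turns the hashes and the two extracted domains into a small IOC check: `check_hashes` verifies a file against the report's four digests before you start analysis (a mismatch usually means you have the wrong sample or a repacked copy), and `match_dns_log` flags resolver queries for the listed domains, including subdomains, while rejecting look-alikes such as `notsvartalfheim.top`. The DNS log format and the sample lines are constructed for the example and are not data from the report.

```python
import hashlib
import re

# IOCs copied from the report above (Tofsee sample c719f453...).
TOFSEE_HASHES = {
    "md5": "06d09cd1e888988acc5ec6ad63839bd1",
    "sha1": "18e214c4ddd7e87d71cd5d8618e236f95e2802cf",
    "sha256": "c719f453a73d5c68613331107c88d0f00aa7ee7c10566609bfa4e91b26d6f7e9",
    "sha512": "cd5507e9acf86fe247405316d93dda96163f30df1b4831c046946da782423f3f"
              "89a916c7c787ef3c57e39e5057d196dd72b6a36be87648ec866fb031e470bf66",
}
TOFSEE_DOMAINS = ("svartalfheim.top", "jotunheim.name")


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in TOFSEE_HASHES}


def check_hashes(data: bytes, expected: dict = TOFSEE_HASHES) -> dict:
    """Per-algorithm True/False: does this blob match the expected hashes?
    Comparison is case-insensitive so pasted uppercase hashes still match."""
    got = digests(data)
    return {name: got[name] == value.lower() for name, value in expected.items()}


def is_c2_domain(name: str, domains=TOFSEE_DOMAINS) -> bool:
    """Exact or subdomain match against the extracted domains.
    'notsvartalfheim.top' must NOT match, so check for a leading dot."""
    n = name.lower().rstrip(".")  # drop the trailing root dot from FQDNs
    return any(n == d or n.endswith("." + d) for d in domains)


# Constructed DNS log lines (assumed format, not from the report):
# "<timestamp> <client-ip> <query-type> <query-name>"
SAMPLE_DNS_LOG = """\
2022-06-05T10:01:12Z 10.0.0.5 A mail.svartalfheim.top
2022-06-05T10:01:13Z 10.0.0.5 A notsvartalfheim.top
2022-06-05T10:01:14Z 10.0.0.9 MX JOTUNHEIM.NAME.
2022-06-05T10:01:15Z 10.0.0.9 A example.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def match_dns_log(text: str) -> list:
    """Return (client, qname) for every query that resolves a listed domain."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the sweep
        _ts, client, _qtype, qname = m.groups()
        if is_c2_domain(qname):
            hits.append((client, qname.rstrip(".").lower()))
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(check_hashes(fh.read()))
    print(match_dns_log(SAMPLE_DNS_LOG))
```

Run it with a file path to compare that file against the report's digests; without arguments it only sweeps the constructed log. The subdomain check matters because infrastructure like this is commonly reached through hostnames under the registered domain, while a plain substring match would also fire on unrelated look-alike names.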
Targets
Target: c719f453a73d5c68613331107c88d0f00aa7ee7c10566609bfa4e91b26d6f7e9
Size: 265KB
MD5: 06d09cd1e888988acc5ec6ad63839bd1
SHA1: 18e214c4ddd7e87d71cd5d8618e236f95e2802cf
SHA256: c719f453a73d5c68613331107c88d0f00aa7ee7c10566609bfa4e91b26d6f7e9
SHA512: cd5507e9acf86fe247405316d93dda96163f30df1b4831c046946da782423f3f89a916c7c787ef3c57e39e5057d196dd72b6a36be87648ec866fb031e470bf66
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
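The behavioural signatures above are sandbox labels, not detection rules. As an added example (not from the report or from the sandbox vendor), the Python below shows one way to map four of them onto telemetry a SOC normally collects and to correlate the hits on a single dropped file. The event records are constructed, and the mapping is an assumption: System log event 7045 for service installation, Sysmon event 13 for a write to a service `ImagePath` value, Sysmon event 1 for a `netsh` firewall command, and Sysmon event 11 for a file created under System32. Self-deletion, execution of the dropped EXE, the XMRig payload and SetThreadContext use are left out because they need other data sources (API-level or memory telemetry).

```python
import re

# Constructed host telemetry (not from the report); each record is one
# Windows event reduced to the fields a hunting query would use.
SAMPLE_EVENTS = [
    {"source": "System", "event_id": 7045, "service_name": "wlansvcx",
     "image_path": r"C:\Windows\System32\abcd.exe"},
    {"source": "Sysmon", "event_id": 13,
     "target": r"HKLM\System\CurrentControlSet\Services\wlansvcx\ImagePath",
     "details": r"C:\Windows\System32\abcd.exe"},
    {"source": "Sysmon", "event_id": 1, "image": r"C:\Windows\System32\netsh.exe",
     "command_line": 'netsh advfirewall firewall add rule name="x" dir=in '
                     'action=allow program="C:\\Windows\\System32\\abcd.exe"'},
    {"source": "Sysmon", "event_id": 11, "target": r"C:\Windows\System32\abcd.exe"},
    {"source": "Sysmon", "event_id": 1, "image": r"C:\Windows\System32\svchost.exe",
     "command_line": "svchost.exe -k netsvcs"},  # benign control record
]

SYSTEM32 = "c:\\windows\\system32\\"
IMAGEPATH_RE = re.compile(r"\\services\\[^\\]+\\imagepath$", re.I)
FIREWALL_RE = re.compile(r"\bnetsh\b.*\bfirewall\b", re.I)
PROGRAM_RE = re.compile(r'program="([^"]+)"', re.I)


def norm(path: str) -> str:
    """Normalise a path for comparison: strip quotes, lowercase."""
    return path.strip('"').lower()


def run_signatures(events: list) -> list:
    """Return (signature_name, evidence_path) for every matching event.
    Signature names are the ones the report uses; the event mapping is assumed."""
    hits = []
    for ev in events:
        src, eid = ev.get("source"), ev.get("event_id")
        if src == "System" and eid == 7045:
            hits.append(("Creates new service(s)", norm(ev["image_path"])))
        elif src == "Sysmon" and eid == 13 and IMAGEPATH_RE.search(ev.get("target", "")):
            hits.append(("Sets service image path in registry", norm(ev["details"])))
        elif src == "Sysmon" and eid == 1 and FIREWALL_RE.search(ev.get("command_line", "")):
            m = PROGRAM_RE.search(ev["command_line"])
            # prefer the allowed program path as evidence so it can be correlated
            evidence = norm(m.group(1)) if m else norm(ev["command_line"])
            hits.append(("Modifies Windows Firewall", evidence))
        elif src == "Sysmon" and eid == 11 and norm(ev.get("target", "")).startswith(SYSTEM32):
            hits.append(("Drops file in System32 directory", norm(ev["target"])))
    return hits


def correlate(hits: list) -> dict:
    """Group hits by evidence path and keep paths seen by more than one
    signature: a file that was dropped into System32 AND registered as a
    service image is a much stronger lead than either event alone."""
    by_path = {}
    for sig, path in hits:
        by_path.setdefault(path, set()).add(sig)
    return {p: sorted(s) for p, s in by_path.items() if len(s) > 1}


if __name__ == "__main__":
    found = run_signatures(SAMPLE_EVENTS)
    for sig, path in found:
        print(f"{sig}: {path}")
    print(correlate(found))
```

Each rule on its own is noisy (legitimate installers create services and add firewall rules), which is why the correlation step keys on the file path: only a path that appears under several signatures is surfaced, and the benign `svchost.exe` record never produces a hit.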