General
-
Target
bcaa7bb880ce6a2960c8917aa3aa38b621f265a10d2b9a4d1d50778378efceed
-
Size
265KB
-
Sample
220605-yq66ysghcn
-
MD5
47d2ce6b706bde1f66d50e135ed808b9
-
SHA1
13271d7496136f7b2322b97efb24ead418331ea4
-
SHA256
bcaa7bb880ce6a2960c8917aa3aa38b621f265a10d2b9a4d1d50778378efceed
-
SHA512
730356a72ddab4d8cd491ae1fd4a0956e630fa1e27ad80dfeb1e1dbde9fc2d0a38ce8eeb8be70500a53ef95ec10d305bb7138d5d9fa8634586307678182fc3b8
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
Target
bcaa7bb880ce6a2960c8917aa3aa38b621f265a10d2b9a4d1d50778378efceed
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-