General
Target: e95194ae1e3182873132379ee2e32da6625c97ec50b7a92901d64bb0d4637164
Size: 264KB
Sample: 220606-dts4aaabel
MD5: 075f14a07e17015cf2a0285518ada2ce
SHA1: 84838c6d139928e3c9778a9678e63df111786de0
SHA256: e95194ae1e3182873132379ee2e32da6625c97ec50b7a92901d64bb0d4637164
SHA512: 8ec5c0f6236d59a0a971a3c7d0dda4dbd000497df0b69cfde0976c19d305f77da60f3b3ed1a9926a544b19cf7d38d2de833918306dc11a05171e0721e7abdf89
Static task: static1
Malware Config
Extracted family: tofsee
Extracted domains: svartalfheim.top, jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext