General
Target: 5ecb07f30469b708f0dddbfe8ae64b12fa9e7bb8ac12c1e39c8a5b60b913b125
Size: 262KB
Sample: 220606-lgezwsbdek
MD5: b238397190cef77889f56f811f88d8eb
SHA1: 2621a4fa22254ab5c18fd62f2e909627781f32d5
SHA256: 5ecb07f30469b708f0dddbfe8ae64b12fa9e7bb8ac12c1e39c8a5b60b913b125
SHA512: c62d9ad34d4c4b665d3d4201fc4a99b8cf8a83ef50855cdfc8f32c57bbd4cf67ff4517edfe39f013392e5a2563e41c9e79e1df8867c95fda664c8c8bc0cfc411
Static task: static1
Malware Config
Extracted
Family: tofsee
Domains: svartalfheim.top, jotunheim.name
Targets
Target: 5ecb07f30469b708f0dddbfe8ae64b12fa9e7bb8ac12c1e39c8a5b60b913b125
Size: 262KB
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext