General
Target: d093330127cd6c30968467a9336881ab023acf4cba757f6dd5ac566b1b2285b3
Size: 144KB
Sample: 220606-tptf9adhel
MD5: bc0efc29203646c036ac74c7ced8ab5b
SHA1: 1bf2e994be6bd78ae7ef4ef11e1cac0d159f5f84
SHA256: 4c36dc53a4da6637f1d99a121a74eafacd51abf88dd5931e90824f15258258a3
SHA512: 09aa6d1470d1e7b06f376268190d78eaea416944ee22a0e318d6440c0ee931aa3a79c0deedde1263682bb39397b88e757a9cd709b83d804fdbc141a501156563
Static task: static1
Behavioral task: behavioral1
Sample: d093330127cd6c30968467a9336881ab023acf4cba757f6dd5ac566b1b2285b3.exe
Resource: win7-20220414-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: d093330127cd6c30968467a9336881ab023acf4cba757f6dd5ac566b1b2285b3
Size: 263KB
MD5: d5fb631f61c85ae433748255e294c6ce
SHA1: edc47ed3f6e91a3c6f61b2e4ff76a60387792712
SHA256: d093330127cd6c30968467a9336881ab023acf4cba757f6dd5ac566b1b2285b3
SHA512: 236d640cd926e6b5b306464b259e209b77e6201550345ee75e39fa6233c770b6600131d0ff32c1be753d3e8b333bc902338870ff29541aa07f1939fe182e1af1
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext