General
- Target: c1c835c145d19fdf52e0abc333380f959869bcfcd551e70c83e7b887d764eb73
- Size: 184KB
- Sample: 220612-2xtqzsaefp
- MD5: 0598ba07dbed12ec12db27c6600a78af
- SHA1: 4615fb1b85e90f5a664039dc67488ad6dc6dca1c
- SHA256: c1c835c145d19fdf52e0abc333380f959869bcfcd551e70c83e7b887d764eb73
- SHA512: 69da42be53b350bce867b1d2740bac524cc39fc26c06b71eba2fd22650d83470f010b2706e9bd31b3fc5dce704962a4303cc80b4464b5e6374eaefdc0077562d
Static task: static1

Malware Config
- Extracted family: tofsee
- C2 hosts: svartalfheim.top, jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext