General
Target: a32cb954b59474466a9eaf3a821fd6c4331b95855e4f80f960fa938e51f5faaf
Size: 222KB
Sample: 220612-j52sfsdahn
MD5: ea91b1adb85d158336aed7e6ad4806fc
SHA1: 281b3a7434f537dae73cde3a0426f9d75181ae36
SHA256: a32cb954b59474466a9eaf3a821fd6c4331b95855e4f80f960fa938e51f5faaf
SHA512: ef015dcbe63d5d2a287c681b111acc8f95d2df179c58f2683258537e2426e02079b0c3a48a78b8e30ab875f3457ddc9e199bb2c9f8a789550b9cfae92edb0ce1
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext