General
- Target: 05cd22b18226bdd09ce808d7502ae4882b4f714852930e10c2eb717f0e8a1129
- Size: 218KB
- Sample: 220612-sv4zhafagj
- MD5: 8d9800dc5faf8610ce328bccb4fffc38
- SHA1: f22bc01b7f6b4798fcce2465ddf502f28820cdc6
- SHA256: 05cd22b18226bdd09ce808d7502ae4882b4f714852930e10c2eb717f0e8a1129
- SHA512: 1206705fce4f116afa888a7ac62b188a810df3314f0989c8bc2412ddade3856ebf9a3a76c3d0464611aaf041e606df95c6e00bac998af6f6a2031e98f4e9e912
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext