General
- Target: 5dac3929cef81859508176561ecac8da58f953b98bb6e041ebe77fa7df404f7b
- Size: 185KB
- Sample: 220613-ax436schel
- MD5: 8c37838f2639571f8d26b486938a26bd
- SHA1: 38d85e4a954c55c4c7d3326622ec86699173bbd2
- SHA256: 5dac3929cef81859508176561ecac8da58f953b98bb6e041ebe77fa7df404f7b
- SHA512: 105b43eb5df4feb134b065ebeb9eccdea6071626db2f7877b79f15477261a4d04d0a679f97021e4b0355a62b2b865c3a09f3b02e93e10feafe9dcfde889f2901
Static task: static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext