General
Target: 50825c2bfc803e61e4bf8f1c7a5f624773bc7fa93a7b7f33332bc2538cb7374c
Size: 185KB
Sample: 220613-bmfs9shbd3
MD5: b4dbd9662269bedb3fe1c976bb9849bb
SHA1: 3f727ee4a95e36e067fdb5561c85a587933fef14
SHA256: 50825c2bfc803e61e4bf8f1c7a5f624773bc7fa93a7b7f33332bc2538cb7374c
SHA512: a51e47003c53691c83000a169a61e56e62c900212a633400406a6d0b486d6bc1ca0a8f4a78290068de332fd149191c6f8af18fc32bdd121335f103236c27e66d
Static task: static1

Malware Config
Extracted family: tofsee
Domains from the extracted config:
- svartalfheim.top
- jotunheim.name
Targets
Target: 50825c2bfc803e61e4bf8f1c7a5f624773bc7fa93a7b7f33332bc2538cb7374c (185KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
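The indicators this report yields (the sample's file hashes and the two domains pulled from the Tofsee configuration) can be turned into an offline check that a responder can run against a suspect file and against DNS or proxy logs. The script below is an added example and is not part of the sandbox report; the hashes and domains are the report's, while the log lines embedded in it are constructed for the example. The domain matcher deliberately treats subdomains of a listed domain as hits but not look-alikes such as "notjotunheim.name" or "svartalfheim.top.example.net", which a plain substring search would flag.

```python
"""Offline IOC check built from the indicators in this report (added example)."""
import hashlib
import re
from typing import Iterable, List, Tuple

# Indicators taken from the report above.
SAMPLE_SHA256 = "50825c2bfc803e61e4bf8f1c7a5f624773bc7fa93a7b7f33332bc2538cb7374c"
SAMPLE_MD5 = "b4dbd9662269bedb3fe1c976bb9849bb"
TOFSEE_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# Matches a listed domain, or any subdomain of it, as a whole host name:
# not preceded by a label character, and not followed by one or by a
# further label (so "svartalfheim.top.example.net" is not a hit, while a
# trailing dot as written in DNS logs, "svartalfheim.top.", still is).
_DOMAIN_RE = re.compile(
    r"(?<![\w.-])((?:[\w-]+\.)*(?:"
    + "|".join(re.escape(d) for d in sorted(TOFSEE_DOMAINS))
    + r"))(?![\w-]|\.[\w-])",
    re.IGNORECASE,
)

# Constructed log lines for the example; not taken from the report.
CONSTRUCTED_LOG = """\
2022-06-13T08:01:02Z dns query host=ws12 qname=update.microsoft.com rcode=NOERROR
2022-06-13T08:01:05Z dns query host=ws12 qname=svartalfheim.top rcode=NOERROR
2022-06-13T08:01:09Z proxy host=ws12 url=http://jotunheim.name/ status=200
2022-06-13T08:02:11Z dns query host=ws07 qname=jotunheim.name.example.net rcode=NXDOMAIN
""".splitlines()


def hash_bytes(data: bytes) -> dict:
    """MD5 and SHA-256 of an in-memory buffer, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_hashes(path: str) -> dict:
    """Stream a file through MD5 and SHA-256 in 1 MiB chunks (large files stay cheap)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def hashes_match_sample(hashes: dict) -> bool:
    """True when the SHA-256 (or, failing that, the MD5) equals the report's sample."""
    return (
        hashes.get("sha256", "").lower() == SAMPLE_SHA256
        or hashes.get("md5", "").lower() == SAMPLE_MD5
    )


def find_domain_hits(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line_number, matched_host) for every log line that references a report domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in _DOMAIN_RE.finditer(line):
            hits.append((n, m.group(1).lower()))
    return hits


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        verdict = "MATCHES report sample" if hashes_match_sample(file_hashes(path)) else "no hash match"
        print(f"{path}: {verdict}")
    for n, host in find_domain_hits(CONSTRUCTED_LOG):
        print(f"constructed log line {n}: contact with {host}")
```

Run it with one or more file paths to compare their hashes against the sample; the domain scan over the constructed lines reports hits on lines 2 and 3 only, since line 4 names a different domain that merely starts with jotunheim.name.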