General
Target: e53aa8e9a863ccae3ad30b9ddb32216cb009bdd975fa3f0ef6d6bb49ef8489c0
Size: 184KB
Sample: 220613-cycresdcfn
MD5: 2c85a0479cee935b005d4fa6731a068c
SHA1: 9fe94c82ed14605b250f66c87b10f974a41b53f5
SHA256: e53aa8e9a863ccae3ad30b9ddb32216cb009bdd975fa3f0ef6d6bb49ef8489c0
SHA512: 4afdfd9037323249a176f31b8b138e38b9dd8dba1c268a8a597d2504960ff65b61edad677cf6fbc9414ca6bef83f44826b55fd6326f781a5afa242e1dc3fd2e4
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: e53aa8e9a863ccae3ad30b9ddb32216cb009bdd975fa3f0ef6d6bb49ef8489c0
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext