General
Target: c201a05a47396c93407a2456ea840b26e3f19a83493953015a0f0bd600fb5b0b
Size: 184KB
Sample: 220613-es4ztsdfhl
MD5: 4c7c4bfa661b2380633d8ecbebadae8f
SHA1: 748d55afa5eaacbb745bd723cfa8fbccdd8f47c3
SHA256: c201a05a47396c93407a2456ea840b26e3f19a83493953015a0f0bd600fb5b0b
SHA512: fa1ac47366fa8504bee4b2a54dab9a45c9021b507018e51b91c6d18e44f3e49cd042012a3689fa5490c08068fd57c4504bd02cabfb73e19d37e51d600fd4d3d1
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext