General

Target: 49c1877ee2aca3049ce057773a8a3ce407bab5a56c940b33911ff7dc2f9fbd17
Size: 204KB
Sample: 220613-yfcjlaadaq
MD5: 30acdbc45c41f089d662da2cef93bde1
SHA1: ed2bdd39057c70d9d6eedb15978b5a7ae147feee
SHA256: 49c1877ee2aca3049ce057773a8a3ce407bab5a56c940b33911ff7dc2f9fbd17
SHA512: 6864bd7cb34d319c4c589c3c5ed2f819799b1528522fbda82bbc93263e7e4c9606ec11dc4493263e8d507bc6a005f9e9190615b5415f15d70ed967b3c975c4fc
Static task: static1

Malware Config

Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext