General
Target: c214d72aa3851fa061d8504301418e8e6e1b859766472faa555ce1b203240bd4
Size: 259KB
Sample: 220615-qp7r4abdd6
MD5: e32f7f13ebd03792da6837fe1c6f831e
SHA1: 712235275e30d27d9e2aa0e43f3e95bf9c36700d
SHA256: c214d72aa3851fa061d8504301418e8e6e1b859766472faa555ce1b203240bd4
SHA512: f187d7e401b1661e10e77bc8421471f0c87f3f45a429ae94951f0f617a046a9cb0a52a2ef0f67aad9ceefc78c845b4469ffdbb1c9dbce5582334757e01a7d1c9
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: c214d72aa3851fa061d8504301418e8e6e1b859766472faa555ce1b203240bd4
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext