General

Target: e93c7164c814386e5c2a9711ffc72dbdb66d91414bbc14e276cc2eae2ac2e55b
Size: 309KB
Sample: 220619-aaj5gseff9
MD5: 9a04e30c4df2820e9d40a3c2b0f39b1f
SHA1: c6129fd781470864596e2a5c984750c11974ffdc
SHA256: e93c7164c814386e5c2a9711ffc72dbdb66d91414bbc14e276cc2eae2ac2e55b
SHA512: b32d9d517625dfdba0c4f4611ba0dcd79e254ac1cc34bd0443ddc5a966427ee11a3b3b5cfdaf31e8efc66443c65db4f89a3ecb936341bdf667bbc3a9389955fd

Static task: static1

Malware Config

Extracted
Family: tofsee
C2: svartalfheim.top
C2: jotunheim.name
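The hashes and the two extracted domains above are the indicators a responder takes away from this report. The following is an added example, not part of the report or of any sandbox tooling: it checks whether a file on disk is really the reported sample (all four digests must agree) and scans DNS log lines for lookups of the extracted domains, using label-aware suffix matching so that mail.jotunheim.name hits while notjotunheim.name does not. The DNS log format and the log lines are constructed for the example.

```python
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Indicators copied from the report above: the sample's hashes and the two
# domains from the extracted Tofsee config.
REPORT_HASHES: Dict[str, str] = {
    "md5": "9a04e30c4df2820e9d40a3c2b0f39b1f",
    "sha1": "c6129fd781470864596e2a5c984750c11974ffdc",
    "sha256": "e93c7164c814386e5c2a9711ffc72dbdb66d91414bbc14e276cc2eae2ac2e55b",
    "sha512": "b32d9d517625dfdba0c4f4611ba0dcd79e254ac1cc34bd0443ddc5a966427ee11a3b3b5cfdaf31e8efc66443c65db4f89a3ecb936341bdf667bbc3a9389955fd",
}
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}


def hashes_of(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def verify_hashes(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm True/False; the file is the reported sample only if all are True."""
    actual = hashes_of(data)
    return {alg: actual[alg] == digest.lower() for alg, digest in expected.items()}


def domain_matches(qname: str, iocs=C2_DOMAINS) -> Optional[str]:
    """Label-aware suffix match: returns the matched IOC domain or None.
    Walks the name label by label so 'notjotunheim.name' never matches 'jotunheim.name'."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


# Constructed DNS log format for this example: "<timestamp> <host> query <type> <name>".
DNS_LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+query\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$")


def scan_dns_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host, queried name, matched IOC) for every line that resolves a C2 domain."""
    hits = []
    for line in lines:
        m = DNS_LOG_RE.match(line.strip())
        if not m:
            continue  # lines that do not fit the constructed format are skipped
        ioc = domain_matches(m["qname"])
        if ioc:
            hits.append((m["host"], m["qname"], ioc))
    return hits


# Constructed log lines (not from the report): a direct hit, a subdomain hit,
# a near-miss that must not match, and a malformed line.
SAMPLE_DNS_LOG = [
    "2022-06-19T10:00:01Z ws01 query A update.example.com",
    "2022-06-19T10:00:02Z ws01 query A svartalfheim.top",
    "2022-06-19T10:00:03Z ws07 query A mail.jotunheim.name",
    "2022-06-19T10:00:04Z ws07 query A notjotunheim.name",
    "garbage line without the expected fields",
]

if __name__ == "__main__":
    print(verify_hashes(b"not the real sample"))
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup:", hit)
```

To check a real file, pass its bytes to verify_hashes; any single False means the file is not the sample this report describes (a repacked or patched copy will fail every digest, so do not rely on MD5 alone).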
Targets

Target: e93c7164c814386e5c2a9711ffc72dbdb66d91414bbc14e276cc2eae2ac2e55b
Size: 309KB
MD5: 9a04e30c4df2820e9d40a3c2b0f39b1f
SHA1: c6129fd781470864596e2a5c984750c11974ffdc
SHA256: e93c7164c814386e5c2a9711ffc72dbdb66d91414bbc14e276cc2eae2ac2e55b
SHA512: b32d9d517625dfdba0c4f4611ba0dcd79e254ac1cc34bd0443ddc5a966427ee11a3b3b5cfdaf31e8efc66443c65db4f89a3ecb936341bdf667bbc3a9389955fd

Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
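Most of the signatures above are host behaviours that endpoint telemetry can see: a file written under System32, a service installed, its ImagePath value set under HKLM\SYSTEM\CurrentControlSet\Services, a netsh firewall change, the dropped binary executed, the original deleted. The following is an added example, not the sandbox's own detection logic: it correlates these behaviours per process image over a constructed Sysmon-like event stream and flags an image only when several co-occur, which keeps a lone installer from tripping it. The event schema, paths, service name and events are constructed for the example; the XMRig payload and SetThreadContext signatures are left out because they come from static scanning and API monitoring, not from this kind of event log.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed, Sysmon-like event schema: every event names the acting process
# image; the remaining fields depend on "kind".
SERVICE_IMAGEPATH_RE = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
FIREWALL_POLICY_PREFIX = (
    "hklm\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\")
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def correlate(events: List[dict], min_signatures: int = 3) -> Dict[str, List[str]]:
    """Map each process image to the report-style signatures it triggered, keeping
    only images that triggered at least min_signatures distinct ones."""
    sigs = defaultdict(set)       # image -> signature names
    dropped = defaultdict(set)    # image -> file paths it created
    for ev in events:
        img = ev["image"].lower()
        kind = ev["kind"]
        if kind == "file_create":
            path = ev["path"].lower()
            dropped[img].add(path)
            if path.startswith(SYSTEM32_PREFIX):
                sigs[img].add("Drops file in System32 directory")
        elif kind == "file_delete":
            if ev["path"].lower() == img:
                sigs[img].add("Deletes itself")
        elif kind == "registry_set":
            key = ev["key"]
            if SERVICE_IMAGEPATH_RE.match(key):
                sigs[img].add("Sets service image path in registry")
            if key.lower().startswith(FIREWALL_POLICY_PREFIX):
                sigs[img].add("Modifies Windows Firewall")
        elif kind == "service_install":
            sigs[img].add("Creates new service(s)")
        elif kind == "process_create":
            child = ev["child_image"].lower()
            cmdline = ev.get("command_line", "").lower()
            # Credit the image that dropped the file, whoever starts it: a service
            # binary is launched by services.exe, not by the dropper.
            for dropper, paths in dropped.items():
                if child in paths:
                    sigs[dropper].add("Executes dropped EXE")
            if child.endswith("\\netsh.exe") and "firewall" in cmdline:
                sigs[img].add("Modifies Windows Firewall")
    return {img: sorted(s) for img, s in sigs.items() if len(s) >= min_signatures}


# Constructed events (not from the report). The paths and service name are
# placeholders chosen for the example.
SAMPLE = "C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe"
DROPPED = "C:\\Windows\\System32\\dropped_example.exe"
SAMPLE_EVENTS = [
    {"kind": "file_create", "image": SAMPLE, "path": DROPPED},
    {"kind": "service_install", "image": SAMPLE, "service": "ExampleSvc"},
    {"kind": "registry_set", "image": SAMPLE,
     "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleSvc\\ImagePath", "value": DROPPED},
    {"kind": "process_create", "image": SAMPLE, "child_image": "C:\\Windows\\System32\\netsh.exe",
     "command_line": "netsh advfirewall firewall add rule name=ExampleSvc dir=in action=allow program=" + DROPPED},
    {"kind": "process_create", "image": "C:\\Windows\\System32\\services.exe", "child_image": DROPPED},
    {"kind": "file_delete", "image": SAMPLE, "path": SAMPLE},
    # Benign noise: an installer registering one service trips a single signature only.
    {"kind": "service_install", "image": "C:\\Windows\\System32\\msiexec.exe", "service": "VendorUpdater"},
    {"kind": "registry_set", "image": "C:\\Windows\\explorer.exe",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "value": 1},
]

if __name__ == "__main__":
    for image, triggered in correlate(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(triggered))
```

The threshold is the tuning knob: at min_signatures=1 the msiexec service install shows up as well, so in production the count should be set against what legitimate installers on the estate normally trigger.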