General
Target: 0852e1b072d5450bae37009dad6a6597694aec0efa6535fe0f04ad32566b3ef2
Size: 300KB
Sample: 220619-k3pksagdc2
MD5: d42a0f37d70a406ecbf8335f18b666eb
SHA1: 66262e4bfe78f84d949acad1ae23b70c97e4c20b
SHA256: 0852e1b072d5450bae37009dad6a6597694aec0efa6535fe0f04ad32566b3ef2
SHA512: ece53b9f227ea0063663a5fb26f07f504c368ff1e060e1ec554ffe1c4be5adf3bc95cab9f20527fd832b908c07209e50bfa63968c8563f0bf49ecbc271b42d0d
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 0852e1b072d5450bae37009dad6a6597694aec0efa6535fe0f04ad32566b3ef2
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext