General
- Target: bc7a6a99f8098c88657f4043f7208c09137518f7c6966b8de4fe92d8afdd479a
- Size: 306KB
- Sample: 220619-zjjbzsbhfk
- MD5: 2f181490b99cd4ea14b0612e78e098a8
- SHA1: f1d1cb5ab58bf2cf2620250145458478a9258f02
- SHA256: bc7a6a99f8098c88657f4043f7208c09137518f7c6966b8de4fe92d8afdd479a
- SHA512: 642f59fa96dc0ccd246e2bf018a8ca8deb73d18253c141b79f64ee30df5070cc74cabca4700367bbc1d712f2bb10cabac43513b193b77811d873914a97c8f85d

Static task: static1

Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: bc7a6a99f8098c88657f4043f7208c09137518f7c6966b8de4fe92d8afdd479a
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext