General

Target: 4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a
Size: 313KB
Sample: 220620-smx6zsgdd3
MD5: ae9348857fab75e8711f0854ac29676f
SHA1: 2365f11df7aec453252e7d4fa405b2d5472cc2a2
SHA256: 4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a
SHA512: fdd493704147a286c21ee3f542f8c3fbb890211f73a1bd71d99d899a78557f70fb60bb5bb6e483b931de17a8b23978fa4b5909a1e62687be6993d411fe68c155
Static task: static1
Malware Config

Extracted
Family: tofsee
C2: svartalfheim.top
C2: jotunheim.name
Targets

Target: 4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a (313KB; same MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext
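The hashes and the two extracted domains above are the indicators a responder would actually sweep for. The following is an added example, not part of the sandbox report and not code from the analysis platform: it copies the report's digests and domains verbatim, hashes files with all four algorithms in one pass, and scans DNS-style log lines for lookups of the C2 domains, treating subdomains (mail.jotunheim.name) as hits but not look-alike names (notsvartalfheim.top, jotunheim.name.example.org). The log line format, the constructed log lines and the function names are assumptions made for this example.

```python
"""Match the report's indicators against local artifacts.

Added example, not part of the sandbox report: the hashes and the two
domains are copied from the report; the log line format, the sample log
lines and the helper names are assumptions made for this example.
"""
import hashlib
import re

# Indicators copied verbatim from the report (hex digests are lower-case).
SAMPLE_HASHES = {
    "md5": "ae9348857fab75e8711f0854ac29676f",
    "sha1": "2365f11df7aec453252e7d4fa405b2d5472cc2a2",
    "sha256": "4ebb54ec22b84ff39ccda6bfb43e78099078c56fa9fc9e12e37af92725060a2a",
    "sha512": "fdd493704147a286c21ee3f542f8c3fbb890211f73a1bd71d99d899a78557f70fb60bb5bb6e483b931de17a8b23978fa4b5909a1e62687be6993d411fe68c155",
}
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# Constructed DNS-client style log lines (assumed format, RFC 5737 test addresses).
SAMPLE_DNS_LOG = [
    "2022-06-20T10:14:03Z host01 query A www.example.com -> 203.0.113.10",
    "2022-06-20T10:14:09Z host01 query A svartalfheim.top -> NXDOMAIN",
    "2022-06-20T10:14:11Z host01 query A mail.jotunheim.name -> 203.0.113.7",
    "2022-06-20T10:14:15Z host01 query A jotunheim.name.example.org -> 198.51.100.9",
]

# Anything that looks like a hostname: labels separated by dots, ending in a TLD.
HOST_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}\.?")


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str) -> dict:
    """Stream a file through all four digests at once (one read, any file size)."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def is_known_sample(hashes: dict) -> bool:
    """True if any supplied digest equals the report's value (case-insensitive hex)."""
    return any(hashes.get(name, "").lower() == value
               for name, value in SAMPLE_HASHES.items())


def c2_match(hostname: str):
    """Return the C2 domain that hostname equals or is a subdomain of, else None.

    A suffix match on "." + domain avoids false positives on names that merely
    end with the same characters (notsvartalfheim.top) and on names that only
    start with the C2 domain (jotunheim.name.example.org).
    """
    host = hostname.lower().rstrip(".")
    for dom in C2_DOMAINS:
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def scan_dns_log(lines) -> list:
    """Return (line_number, hostname, c2_domain) for every line querying a C2 domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in HOST_RE.findall(line):
            dom = c2_match(tok)
            if dom:
                hits.append((n, tok.rstrip(".").lower(), dom))
                break
    return hits


if __name__ == "__main__":
    import sys
    # Usage: python iocs.py [file ...]  (file paths are an assumption)
    for path in sys.argv[1:]:
        h = hash_file(path)
        verdict = "MATCHES report sample" if is_known_sample(h) else "no match"
        print(f"{path}: {verdict} (sha256 {h['sha256']})")
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup in constructed log line %d: %s (%s)" % hit)
```

Hash matching is a cheap first check only: the Tofsee loader drops and executes further files (see "Executes dropped EXE" above), so a host that resolved either domain should be treated as compromised even when no file on it matches these digests.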