General
Target: 324c3e532131a50dcea6e8c6992d0fa92642d1607608595bdf620fec0abf1993
Size: 244KB
Sample: 220809-a11j6aadgl
MD5: c56137400e24b380053c03742eb4777a
SHA1: f07c571e204377d776f5e045d26aedbda54385f2
SHA256: 324c3e532131a50dcea6e8c6992d0fa92642d1607608595bdf620fec0abf1993
SHA512: cde0a44d29b449ac347f9832f33fbce118ef6a391d0b8774b4e0b6706e5cb2c9c5374504fc4f522822d95a99f5b29f6a2582825d1d430ec6d2929806b55d40fc
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 324c3e532131a50dcea6e8c6992d0fa92642d1607608595bdf620fec0abf1993
XMRig Miner payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext