General
Target: 7c72154a1e6110efc953126bb8c5a269648ef0369b644c1a7848b4033fe2d09c
Size: 241KB
Sample: 220809-ef91baedd8
MD5: 431ea9f90da9572a94d190f4fd88c558
SHA1: 73b3d42b281b6ed7454429c84132219b9329f4d3
SHA256: 7c72154a1e6110efc953126bb8c5a269648ef0369b644c1a7848b4033fe2d09c
SHA512: 955e8127a0d1ae2c762db67f8db7d4d1cf70d99e6c21e9a311d86bf4b1bcc7ff365f25dade6d0c61f28c88b082714621987af999a8b877d25a8f63812dd225e1
Static task: static1

Malware Config (extracted)
Family: tofsee
Domains:
- svartalfheim.top
- jotunheim.name
Targets
Target: 7c72154a1e6110efc953126bb8c5a269648ef0369b644c1a7848b4033fe2d09c (241KB; same MD5/SHA1/SHA256/SHA512 as listed under General)

Signatures:
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext