General
Target: 8cc65f1af740d8244e3b3a53e7c89fd11eabaec8830ff6ad0f7c4950f1c66263
Size: 240KB
Sample: 220809-sp5c3scafq
MD5: 602e7062838eefd72e4320482c71b6c7
SHA1: 0ed4fb5a0606a213527c18db51fbffc512f46cd4
SHA256: 8cc65f1af740d8244e3b3a53e7c89fd11eabaec8830ff6ad0f7c4950f1c66263
SHA512: 826223c6e55b50661fbd9b8205048d656429ea12359b4151be208d157648f81d53b3970bbe49419a9bba8d1351c2c502c47e2e395fccc08e7e448935c1bc787b
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 8cc65f1af740d8244e3b3a53e7c89fd11eabaec8830ff6ad0f7c4950f1c66263
XMRig Miner payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext