General
Target: 311d4b4d93cd71ef0565ac79587e5ac0df6008f548ff506bc9a500dbda20ac8e
Size: 196KB
Sample: 220604-bwmyyagfdk
MD5: 0dbf6d3cc1a2af87d384ba6a74c93777
SHA1: dd285fe4e8f42c39d8729ac7862f4a189873f1cf
SHA256: 311d4b4d93cd71ef0565ac79587e5ac0df6008f548ff506bc9a500dbda20ac8e
SHA512: 522d7e0fcba697d673408f80123cdedb19ed0143302d8da363667ecdc6df13dfee29e7cbc5be0fd8608f74c6ac0172ed4917a65088439a2080df54f737dbc87d
Static task: static1
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 311d4b4d93cd71ef0565ac79587e5ac0df6008f548ff506bc9a500dbda20ac8e
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext