General
Target: 239fd930694473af362be2dc3f69356a93c407664fcf775e83e2a7f98eccc0ab
Size: 199KB
Sample: 220604-wj9mdshgh7
MD5: dbb320cd3332f6da387c08cc81c6e0d0
SHA1: 253d3870fc47543eba68c12d22203d772686de7f
SHA256: 239fd930694473af362be2dc3f69356a93c407664fcf775e83e2a7f98eccc0ab
SHA512: 64fb6410897616f1ba222ddc69c6a72ea815ce4f4833f536aafa6546f5c40f5ed1378a9a4c7ebbc02c581116e11ac959a7d72bf530e1d082547fbf1b63835c06
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext