General
Target: d1ad011fe83db3962763da2d2deb11b4c95c6840401c13147204bd67a6a88a1c
Size: 310KB
Sample: 220605-etsyysgbb9
MD5: 8afbf4b9402bd31fbfbdb3a7ba46b5a6
SHA1: b080adea8cf5a7bb04217890414e37bc66717e6c
SHA256: d1ad011fe83db3962763da2d2deb11b4c95c6840401c13147204bd67a6a88a1c
SHA512: 42e67e84f09dfeb6f693fd6f1cb031b27d38ea9b2f3e2ee01dd79423da34c5b0ec57226cfe7eabdf150014cf2516f8ea386ee470d32dc0e0f59b85f4918add97

Static task: static1

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name

Targets
Target: d1ad011fe83db3962763da2d2deb11b4c95c6840401c13147204bd67a6a88a1c
Size: 310KB
MD5: 8afbf4b9402bd31fbfbdb3a7ba46b5a6
SHA1: b080adea8cf5a7bb04217890414e37bc66717e6c
SHA256: d1ad011fe83db3962763da2d2deb11b4c95c6840401c13147204bd67a6a88a1c
SHA512: 42e67e84f09dfeb6f693fd6f1cb031b27d38ea9b2f3e2ee01dd79423da34c5b0ec57226cfe7eabdf150014cf2516f8ea386ee470d32dc0e0f59b85f4918add97

- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext