General

Target: d01521ed9d8c3f8ae7c8271488329390e28f8bb8f1a841355c591abfd815dc54
Size: 310KB
Sample: 220605-hk394sdabm
MD5: f4358961b07728cc44078646e18d5b6e
SHA1: b4e7752ceab9deb4b8a6d7fd36e01c094415e7be
SHA256: d01521ed9d8c3f8ae7c8271488329390e28f8bb8f1a841355c591abfd815dc54
SHA512: 6585aa068226d064e80e63101f07d9a1739b6acf214a1a00f6be4b4f4e29a865cba6f66fcec87a58dadfed5adcbf9fea4a3739279f99eb9e933f3e47446fbbc6
Static task: static1

Malware Config (extracted)

Family: tofsee
C2 hosts:
- svartalfheim.top
- jotunheim.name
Targets

Target: d01521ed9d8c3f8ae7c8271488329390e28f8bb8f1a841355c591abfd815dc54 (310KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
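The report gives four file digests and two extracted C2 hosts; the practical use of those values is matching them against files and DNS telemetry. The following Python is an added example, not part of the sandbox report or of any vendor tool: it hashes a file with all four algorithms and reports which of the report's digests it matches (case-insensitively, since tooling disagrees on hex case), and it scans DNS query log lines for the two C2 hosts, matching on label boundaries so that a subdomain such as www.jotunheim.name is flagged while a lookalike such as svartalfheim.top.cdn.example is not. The DNS log format (DNS_LINE) and the SAMPLE_DNS_LOG lines are constructed for the example.

```python
"""IOC matcher built from the report's hashes and extracted Tofsee C2 hosts.
Added example; not part of the sandbox report."""
import hashlib
import re

# Digests copied from the report above.
REPORT_HASHES = {
    "md5": "f4358961b07728cc44078646e18d5b6e",
    "sha1": "b4e7752ceab9deb4b8a6d7fd36e01c094415e7be",
    "sha256": "d01521ed9d8c3f8ae7c8271488329390e28f8bb8f1a841355c591abfd815dc54",
    "sha512": "6585aa068226d064e80e63101f07d9a1739b6acf214a1a00f6be4b4f4e29a865"
              "cba6f66fcec87a58dadfed5adcbf9fea4a3739279f99eb9e933f3e47446fbbc6",
}
# C2 hosts from the report's extracted config.
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests for the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Stream a file through all four hashers so large samples need little RAM."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matching_algorithms(digests: dict, iocs: dict = REPORT_HASHES) -> set:
    """Names of the algorithms whose digest equals the report's value.
    Comparison is case-insensitive; a missing algorithm simply does not match."""
    return {alg for alg, val in iocs.items()
            if digests.get(alg, "").lower() == val.lower()}


def domain_matches(qname: str, domains: set = C2_DOMAINS) -> bool:
    """True if qname is a C2 host or a subdomain of one.
    Matching is on label boundaries, not substrings, so
    'svartalfheim.top.cdn.example' and 'notsvartalfheim.top' do not match."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in domains)


# Constructed log format (assumption): "<timestamp> <client> query <qname> <qtype>"
DNS_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qname>\S+) (?P<qtype>\S+)$")


def scan_dns_log(lines, domains=C2_DOMAINS):
    """Return (timestamp, client, qname) for every query that hits a C2 host."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line.strip())
        if m and domain_matches(m["qname"], domains):
            hits.append((m["ts"], m["client"], m["qname"]))
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_DNS_LOG = [
    "2022-06-05T09:10:01Z 10.0.0.23 query svartalfheim.top A",
    "2022-06-05T09:10:02Z 10.0.0.23 query www.jotunheim.name A",
    "2022-06-05T09:10:03Z 10.0.0.44 query svartalfheim.top.cdn.example A",
    "2022-06-05T09:10:04Z 10.0.0.44 query example.com A",
]

if __name__ == "__main__":
    import sys
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup:", *hit)
    for path in sys.argv[1:]:
        found = sorted(matching_algorithms(hash_file(path)))
        print(path, "matches", found or "nothing")
```

Run it with file paths as arguments to check suspected copies of the sample; a real deployment would read the DNS lines from the resolver or EDR export instead of SAMPLE_DNS_LOG, but the label-boundary rule in domain_matches is the part worth keeping.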