General

Target: d764faeb00df45fb6896a7a0d8564cabc237c80541bb737703a143527b9d5885
Size: 265KB
Sample: 220605-svflxabge2
MD5: de9efe710505ba1c853be385bd87bcae
SHA1: 8b4bfd41b6908ea6ff157fca4770c7788d5f8d36
SHA256: d764faeb00df45fb6896a7a0d8564cabc237c80541bb737703a143527b9d5885
SHA512: b8344049b71aa49358923191d200608d467ad56452b7dd93a671537ebd3aa698df38231db6dcded3c934b644c1c140a88a8e5a9c18af3a8cdc0457bf96df1c13
Static task: static1

Malware Config

Extracted family: tofsee
C2 domains (from the extracted configuration): svartalfheim.top, jotunheim.name

Treat both domains as network indicators: a DNS lookup for either name, or for any subdomain of it, is the most direct sign of this sample (or another Tofsee build sharing the config) on a host.
Targets

Target: d764faeb00df45fb6896a7a0d8564cabc237c80541bb737703a143527b9d5885 (265KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures triggered for this target:

- XMRig Miner Payload: the sandbox identified an XMRig (Monero) miner component, which fits Tofsee's modular design where mining is one of the loadable plugins.
- Creates new service(s): the sample installs itself as a Windows service, giving it persistence and SYSTEM-level execution across reboots.
- Executes dropped EXE: a file the sample wrote to disk is subsequently launched.
- Modifies Windows Firewall: firewall rules are changed, a step typically done through netsh advfirewall to allow the implant's inbound or outbound traffic.
- Sets service image path in registry: the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<name> is written, which is the location Windows reads to locate a service's binary.
- Deletes itself: the original executable removes its own file after installation, a common anti-forensics step that leaves only the dropped copy on disk.
- Drops file in System32 directory: a file is written under C:\Windows\System32, a location that requires elevated rights and where a malicious binary blends in with legitimate system files.
- Suspicious use of SetThreadContext: SetThreadContext called on a thread of another process is the classic primitive for process hollowing and other code-injection techniques.

When hunting for this sample, do not rely on the file hash alone: the self-deletion means the original file is usually gone, so the service ImagePath, the System32 drop, the firewall change and the C2 DNS lookups are the durable artefacts.
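The indicators above (extracted C2 domains, file hashes, and the service, firewall, System32-drop behaviours) can be turned into a small hunting check. The script below is an added example and is not part of the sandbox report: it takes the hashes and domains verbatim from the report and matches them, together with the listed behaviours, against a few constructed Sysmon-style events (event IDs 1, 11, 13 and 22 with their usual field names). The service name, file name and command lines in the sample events are made up for illustration and are not indicators from the report.

```python
"""Hunt for the Tofsee indicators listed in the report above (added example)."""
import hashlib
import re

# Indicators taken verbatim from the report.
SAMPLE_SHA256 = "d764faeb00df45fb6896a7a0d8564cabc237c80541bb737703a143527b9d5885"
SAMPLE_MD5 = "de9efe710505ba1c853be385bd87bcae"
C2_DOMAINS = ("svartalfheim.top", "jotunheim.name")

# Registry value Windows reads to locate a service binary (Sysmon key spelling).
SERVICE_IMAGE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)
# Firewall modification via netsh (advfirewall or legacy firewall context).
NETSH_FIREWALL_RE = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\Windows\\System32\\", re.IGNORECASE)
SYSTEM32_EXE_RE = re.compile(r"\\Windows\\System32\\[^\\]+\.exe$", re.IGNORECASE)


def is_c2_domain(qname):
    """True if qname is an extracted C2 domain or any subdomain of one."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in C2_DOMAINS)


def hash_hits(data):
    """Return the names of the report's hashes that match the given file bytes."""
    hits = set()
    if hashlib.sha256(data).hexdigest() == SAMPLE_SHA256:
        hits.add("sha256")
    if hashlib.md5(data).hexdigest() == SAMPLE_MD5:
        hits.add("md5")
    return hits


def classify(event):
    """Return the report behaviours a single Sysmon-style event matches."""
    hits = []
    eid = event.get("EventID")
    if eid == 22 and is_c2_domain(event.get("QueryName", "")):       # DNS query
        hits.append("C2 domain lookup (tofsee config)")
    if eid == 13 and SERVICE_IMAGE_RE.match(event.get("TargetObject", "")):  # registry value set
        if SYSTEM32_RE.search(event.get("Details", "")):
            hits.append("Sets service image path in registry (binary under System32)")
        else:
            hits.append("Sets service image path in registry")
    if eid == 1 and NETSH_FIREWALL_RE.search(event.get("CommandLine", "")):  # process create
        hits.append("Modifies Windows Firewall")
    if eid == 11 and SYSTEM32_EXE_RE.search(event.get("TargetFilename", "")):  # file create
        hits.append("Drops file in System32 directory")
    return hits


def hunt(events):
    """Return (event, behaviours) pairs for every event that matched something."""
    return [(e, h) for e in events if (h := classify(e))]


# Constructed events for illustration; names are hypothetical, not from the report.
SAMPLE_EVENTS = [
    {"EventID": 22, "Image": "C:\\Windows\\System32\\hypothetical.exe", "QueryName": "svartalfheim.top"},
    {"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "www.example.com"},
    {"EventID": 13, "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\hypothetical_svc\\ImagePath",
     "Details": "C:\\Windows\\System32\\hypothetical.exe"},
    {"EventID": 1, "CommandLine": "netsh advfirewall firewall add rule name=\"hypothetical\" "
                                  "dir=in action=allow program=\"C:\\Windows\\System32\\hypothetical.exe\""},
    {"EventID": 11, "TargetFilename": "C:\\Windows\\System32\\hypothetical.exe"},
    {"EventID": 1, "CommandLine": "notepad.exe C:\\Users\\alice\\notes.txt"},
]

if __name__ == "__main__":
    for event, behaviours in hunt(SAMPLE_EVENTS):
        print(event.get("EventID"), ", ".join(behaviours))
```

The domain check deliberately matches subdomains as well as the bare names, because C2 hostnames are commonly rotated underneath a stable parent. Hash matching is included for completeness, but since the report lists "Deletes itself", expect the behavioural and DNS rules to fire on a live host long after the original file is gone.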