General
- Target: b20eeef9ce54ba8b739ab0af0f50c0d16ee64f1234669e62b11f596520294cf5
- Size: 265KB
- Sample: 220606-cndwqsdfd9
- MD5: f59df1e373fb415c4eff9577a93bbe09
- SHA1: 3f36108b67fd75e83bdb1a38fa4b9bf14d01c811
- SHA256: b20eeef9ce54ba8b739ab0af0f50c0d16ee64f1234669e62b11f596520294cf5
- SHA512: ca8e8d40235b5f44c2b29a4b5f0c42a6580d75bc0d4662bd4d78c5fca17c60540fae156cf0943779ae8448ee90868560bd1b5eb38e88f4fd6372f2e4a460c22d

Static task: static1

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: b20eeef9ce54ba8b739ab0af0f50c0d16ee64f1234669e62b11f596520294cf5 (265KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext