General
Target: 463a8709d458aebc97ab86e3550798dcbdc713413f96ecb7f350b349f7533b0c
Size: 261KB
Sample: 220606-mj16ksfdd7
MD5: c1790ce24f666c38be9ad5e7bc329bad
SHA1: 49ecbd9382d4e5986d78b893be72391aa6f61f66
SHA256: 463a8709d458aebc97ab86e3550798dcbdc713413f96ecb7f350b349f7533b0c
SHA512: 11c883dea9671a3d39038f6bb39bbd978d419fbbc6837e10143593b88c35a0390efcf3317e604b14e10fb108a64a40d9a4c3820baf421ae2dc0eddcfccbf51ad
Static task: static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 463a8709d458aebc97ab86e3550798dcbdc713413f96ecb7f350b349f7533b0c
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext