General
Target: 44a9f6c4afa42d63229d179c1697a3350224c2f272fb6605f310ca1dd05866a7
Size: 215KB
Sample: 220612-ky8svsafg2
MD5: c0fd38c620b6444d29518f81c916e2fe
SHA1: 8afc3ae7c5fdba88ab25342d6d9c07377158d914
SHA256: 44a9f6c4afa42d63229d179c1697a3350224c2f272fb6605f310ca1dd05866a7
SHA512: 4642b8db6d9c7406d39a024afc61e9cec8b2123fa30ab79ef589fb4ddca703c5acb7d810b069cd12d0435ccc63f437dfbcec801e94c457327327c621054c030f
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 44a9f6c4afa42d63229d179c1697a3350224c2f272fb6605f310ca1dd05866a7
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext