General
Target: 98d887d259402f3be8d1fbf9769b3d056a631a6b98ef92b0f8d1ac00b5391bba
Size: 215KB
Sample: 220612-nb8q5ahdar
MD5: dfb9e15adde243f330fc751aa8f67b2a
SHA1: 1c7b21bb0c3da56c8ccdfda858a04e6ca05609c9
SHA256: 98d887d259402f3be8d1fbf9769b3d056a631a6b98ef92b0f8d1ac00b5391bba
SHA512: dabe8f9f70de3cdae3efe486dc4a35592b7a722a6288164ec91947d05254541c226e4573312b20296156d2ec3c4239ad18332d78fc6b33e5731f7fcc61b27037
Static task: static1
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext