General
Target: 38da347197223e7ece735f1d9861cfff092bc5969f88617750310593bb342ba5
Size: 183KB
Sample: 220612-wn4xpsadhk
MD5: baf9e1ebf363aa599cf014c312bb1384
SHA1: c418910ddf194826be819b0e83fb21964bb09d51
SHA256: 38da347197223e7ece735f1d9861cfff092bc5969f88617750310593bb342ba5
SHA512: 4bd397123101a7034da4614207e2a553e144fee02d50809b232b3f482c415fbcfb589e12f42ba8e1ed81eca19edaf2a42815b021d5bd91bb27bc49cbd85bfe32
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext