General
- Target: 7e57e1bdfbf07f24fa398b4f067fcf3f7147146c5627a6419e8c006e89d564f2
- Size: 210KB
- Sample: 220613-ywlr7saebm
- MD5: b6d837eb16f4da4c73c2d6dc635c61e2
- SHA1: c850780b213a15366e8fcd492efa440bbab94aee
- SHA256: 7e57e1bdfbf07f24fa398b4f067fcf3f7147146c5627a6419e8c006e89d564f2
- SHA512: 9434a1aeee5e3bbc40b6c0612274446afa3b6ea56d9328f976ae294da15d2e132a08841288a2880e33cd0825eca67552067233e52b2015a0ed1b597e73030631
Static task: static1
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext