General
Target: 086772dd77b6f010449cfea5f6106be3873eff9e65550b590a0358d8bffcd2b1
Size: 209KB
Sample: 220613-z9ndmafah8
MD5: c685b41f84097e1f2db12c7287272e12
SHA1: 893a99ce4edfe0b8435f744453c69742f2955e98
SHA256: 086772dd77b6f010449cfea5f6106be3873eff9e65550b590a0358d8bffcd2b1
SHA512: 01f9d7a64f098ba4d689fe6cc94e1c2ce0b5f20cc51936d3da1e95981c27e1a26e5544d214ad233397a89730df0c74f06ef7bdf6ab4032fecc4aaed9d6f7e37d
Static task: static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 086772dd77b6f010449cfea5f6106be3873eff9e65550b590a0358d8bffcd2b1
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext