General
Target: 643c97e0ce4453b2f4459dffbdb8c34f4a66509445eda8f074cd9af6e28739bd
Size: 258KB
Sample: 220614-e6b6zagah7
MD5: 1abf29c55787886151effcda20ef1a36
SHA1: 742c4f837945b760ece7ce1879604717d7f01472
SHA256: 643c97e0ce4453b2f4459dffbdb8c34f4a66509445eda8f074cd9af6e28739bd
SHA512: 317b5780ed6c85dc9829fe2e67e0064405e3b7d52c6f7d324fc6bf5c84e1a692b79f88b341799b3fa14d86d6d5d2aada49a0da9416203a4cf9088d9922c97dd2
Static task: static1
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: 643c97e0ce4453b2f4459dffbdb8c34f4a66509445eda8f074cd9af6e28739bd (258KB; hashes as listed under General above)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext