General
Target: 0ba0e37a9c0f0f22a84fba5d7185bbace809fec63d36d0b13d21f608886aa6a8
Size: 260KB
Sample: 220614-hynftagfc9
MD5: 6ee91960145ea5ee564d9aaf601c5e1b
SHA1: fd63dbd73bf4dd2816ab2b22ee688e798e9718c5
SHA256: 0ba0e37a9c0f0f22a84fba5d7185bbace809fec63d36d0b13d21f608886aa6a8
SHA512: 433fec04e66f034561bde03748567ec077a4ba8de43de2657566cf0625e60141658f49ee4e06f7c7ae1dbcce95640ae07143475da6dbed1ed88a28c19dfdf835
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 0ba0e37a9c0f0f22a84fba5d7185bbace809fec63d36d0b13d21f608886aa6a8
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext