General
Target: 59eaba824f3f262154cb144dd966120233f9237f8280c10b6923f4d5d3419003
Size: 261KB
Sample: 220614-kadb2shad2
MD5: d3ebe2ab626575cd3b4423e9f81b5e7d
SHA1: 6f20ed05e2b5b9853a43e69fc15c830dc6c2b94c
SHA256: 59eaba824f3f262154cb144dd966120233f9237f8280c10b6923f4d5d3419003
SHA512: 1c2473a5ae53976502625445db533313e4b556b43d6eea7c79d8cf533c5441fcf64ff76379f21b2402b255807385ca781f8796f9ea973a6f3262a26609ae409e
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext