General
-
Target
91fd30162dc2ee4b22cbe6bdf36bd75df0719456f5d8a6c7ff2309db17531991
-
Size
250KB
-
Sample
220614-nhwedahff9
-
MD5
d729868ac710773872a547775e44db3d
-
SHA1
e1cee3cc497258f26cd7e8d68ffd0d3a161d9b20
-
SHA256
91fd30162dc2ee4b22cbe6bdf36bd75df0719456f5d8a6c7ff2309db17531991
-
SHA512
e3761644f43cc5e2f246922433984b315014a2fd3aa45681c61b2e3a76ccad56553493b093a8776495d917f114eed474014463b721ad3688584239389fa10b5b
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
91fd30162dc2ee4b22cbe6bdf36bd75df0719456f5d8a6c7ff2309db17531991
-
XMRig Miner Payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-