General
- Target: 48bd8b6a659c64b26dec0026b6d5d46f9590074c2c51cb93ec858a99800e065a
- Size: 287KB
- Sample: 220614-pqhzpadhdp
- MD5: 47951a35c71583d26389bc30e527a4fc
- SHA1: e5f4af1750f6a7b9d483daeebb7f9a5422fcaf68
- SHA256: 48bd8b6a659c64b26dec0026b6d5d46f9590074c2c51cb93ec858a99800e065a
- SHA512: c3dc8236e8283b0a8a053ef05489706327480c51b7604d7783116e4806db7fa3f73d23f920845c162e767649dfe6fda65f9f7fcb0389c1933da9f1ab72f42e87
Static task
- static1

Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- Target: 48bd8b6a659c64b26dec0026b6d5d46f9590074c2c51cb93ec858a99800e065a
- Size: 287KB
- MD5: 47951a35c71583d26389bc30e527a4fc
- SHA1: e5f4af1750f6a7b9d483daeebb7f9a5422fcaf68
- SHA256: 48bd8b6a659c64b26dec0026b6d5d46f9590074c2c51cb93ec858a99800e065a
- SHA512: c3dc8236e8283b0a8a053ef05489706327480c51b7604d7783116e4806db7fa3f73d23f920845c162e767649dfe6fda65f9f7fcb0389c1933da9f1ab72f42e87
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext