General
Target: 6f240dfeafe54414ad03e062083c8e8ab9c513278c6dd32f4d4c2aa3435ae52c
Size: 309KB
Sample: 220618-wzh5daaebj
MD5: 92a61641bf24d199d0c246ee39dc2cb3
SHA1: 92b81fe6818b16a5a3f73236eb349b6ff6b3c6bb
SHA256: 6f240dfeafe54414ad03e062083c8e8ab9c513278c6dd32f4d4c2aa3435ae52c
SHA512: 2a11264b9252d1fc70ef4f59a8b7eb117fc47ee62c61601f223acb7d27afb75b0c4a37bf0b2fd84931cb1dc72094890940f9859c41b59c1914b22033e2996caa
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext