General
- Target: a3f9e37db86f9f1e0d9c58246cb3b75af495b6681e596d1a2c05920b56c39eb0
- Size: 308KB
- Sample: 220618-x1s7eaagbn
- MD5: 72541f5e94fd59687c7a857bb531872a
- SHA1: e22abc6f1ee814ba56d09d9a539adbe2a9698b99
- SHA256: a3f9e37db86f9f1e0d9c58246cb3b75af495b6681e596d1a2c05920b56c39eb0
- SHA512: 4aaab79e38d03d28b8bfac3f9e62741b61193940c3537d269de33432acc9136da428d30de089c7e6fbd75af2a1fda53c376f665ed0c1172aee8542c3647ae689
Static task
- static1

Malware Config
- Extracted: tofsee
  - svartalfheim.top
  - jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext