General
- Target: eef1cf7d639e2d8df65f0e8d28b9f367b6090bb09c074b27dffacb310524e4dc
- Size: 309KB
- Sample: 220618-yjlxfaded5
- MD5: f9d9b2da88abf8e2c77a83e6a173b214
- SHA1: 3782df9ae63ee74058b57846314bb5cb87c3d7b7
- SHA256: eef1cf7d639e2d8df65f0e8d28b9f367b6090bb09c074b27dffacb310524e4dc
- SHA512: 0a9520a0b0715dbd8b59dd3c0486ef049e8d86cdd010ec03a106bc21d3ce93d55d7bf60ad9647fd95b26c4d4acc1ba6959ccaa3bbf01e93b6e6dfc6a3ac69f44
Static task
- static1

Malware Config
- Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext