General
- Target: ef1bc349c7e228dfdd44637d4421e29c1b0da8f034f0375e54fcd982cbfad5a2
- Size: 306KB
- Sample: 220619-3a6byaffak
- MD5: 424689ac4af0fa036b054a1344c7e18b
- SHA1: ce55e2c7470134275448c8d8944eaabc6a68078d
- SHA256: ef1bc349c7e228dfdd44637d4421e29c1b0da8f034f0375e54fcd982cbfad5a2
- SHA512: 4b8ac6c6efe69f21ad6dff5f02952cfc9ea1b8fb589258411d0a172384ab16b64898c5ae5406316df1acad6b4ff849c10c1252c5854edfbd5e22d1fc2484e7f4
Static task
- static1

Malware Config
- Extracted: tofsee
- Domains: svartalfheim.top, jotunheim.name

Targets
- Target: ef1bc349c7e228dfdd44637d4421e29c1b0da8f034f0375e54fcd982cbfad5a2
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext