General
Target: bfa8277ba08e0631c7d70d913c2b2f56b03cf066e0be1aa77a7c1c54a8b057f1
Size: 309KB
Sample: 220619-bb98qsehh8
MD5: b2a418ddb96bf50136a38e4b0f0e95e6
SHA1: 4de7d3fd8ef7d93a9dfe907d6ce16130e30b1fea
SHA256: bfa8277ba08e0631c7d70d913c2b2f56b03cf066e0be1aa77a7c1c54a8b057f1
SHA512: 242e13d5814a6614cd70b2291df14fd9e17da8cc197f4dec983d25b9f98295091bee238dba418cc26539250a44db32c984892a4eff74ecc7032ca0f6c1daac96
Static task: static1

Malware Config
Extracted: tofsee
  svartalfheim.top
  jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext