General
Target: 443befb14d3cbe5c6d57768b5a23b1c262625c9f166708004d58ec624bb51051
Size: 309KB
Sample: 220619-dqz3escgbp
MD5: 6e065897fac3e16e1b60f1ba481302a8
SHA1: 9d03a3d110dd435641f5c282a3ec1f9d77b656a6
SHA256: 443befb14d3cbe5c6d57768b5a23b1c262625c9f166708004d58ec624bb51051
SHA512: 38e328d0d4646de2558d0fb279d0fd73d1cc7dfb846a337d8934bb4fc1b9779d5fe2e589883cccd18ca7c3e5b6659a09b3b1008e9de3c3eee5df0490dd99e708
Static task: static1

Malware Config
Extracted: tofsee
  svartalfheim.top
  jotunheim.name
Targets
Target: 443befb14d3cbe5c6d57768b5a23b1c262625c9f166708004d58ec624bb51051
Size: 309KB
MD5: 6e065897fac3e16e1b60f1ba481302a8
SHA1: 9d03a3d110dd435641f5c282a3ec1f9d77b656a6
SHA256: 443befb14d3cbe5c6d57768b5a23b1c262625c9f166708004d58ec624bb51051
SHA512: 38e328d0d4646de2558d0fb279d0fd73d1cc7dfb846a337d8934bb4fc1b9779d5fe2e589883cccd18ca7c3e5b6659a09b3b1008e9de3c3eee5df0490dd99e708
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext