General
Target: 2bf4ef082121003e7e9e9ff018dc5a4690538598366543223a9ed5557a9d867e
Size: 299KB
Sample: 220619-ftrlkadahk
MD5: c65453888ba36756943894d3282563fc
SHA1: 130a0daff88260539c16d66049efb9f0f40e019d
SHA256: 2bf4ef082121003e7e9e9ff018dc5a4690538598366543223a9ed5557a9d867e
SHA512: e334ddfd4e070ed320d0352335519e52a1155e49d748571123d4be2ac6d944d5a503d43ea64445e21a5e6191256beb553d3c7f0b07cb73a6944778b8cf8d874b
Static task: static1
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext