General
Target: d2a15317f29231934ec3f48e53e54a037436bbeed094f91b372e92f445e7efcc
Size: 299KB
Sample: 220619-m6e7maebep
MD5: 97b5cd3c1f12cffc1ce3c6212d6709f6
SHA1: d5b5910a7c0418983fe58b256f59c09b99b803a2
SHA256: d2a15317f29231934ec3f48e53e54a037436bbeed094f91b372e92f445e7efcc
SHA512: a20e7d90180bda7f6cc1eedfe5d5f21057effeab11a8d894a7ac34c3b572780a595a166dd5dee6816fbfb4910bbb95d1107262d352cda7174447fd3f36363f12
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext