General
Target: 9a256bf141e1b3a1a50cc8f14c5c6b7201e4940072e2685fa4b9fad88822d99a
Size: 307KB
Sample: 220619-ngme3sgge2
MD5: 6e5f32273681f307908896cd96b5086d
SHA1: ad47842830dea8521200e30f25ecc56f29f0502f
SHA256: 9a256bf141e1b3a1a50cc8f14c5c6b7201e4940072e2685fa4b9fad88822d99a
SHA512: cbe125006e29365f85747d0861cd94cbb51a94b2aa49449c454138c4a0bf67b687beba438edf8235d59526e8043ace73614d8aadcd05ae57934bc6c4aa286317

Static task
static1

Malware Config
Extracted: tofsee
C2:
- svartalfheim.top
- jotunheim.name

Targets
Target: 9a256bf141e1b3a1a50cc8f14c5c6b7201e4940072e2685fa4b9fad88822d99a
Size: 307KB
MD5: 6e5f32273681f307908896cd96b5086d
SHA1: ad47842830dea8521200e30f25ecc56f29f0502f
SHA256: 9a256bf141e1b3a1a50cc8f14c5c6b7201e4940072e2685fa4b9fad88822d99a
SHA512: cbe125006e29365f85747d0861cd94cbb51a94b2aa49449c454138c4a0bf67b687beba438edf8235d59526e8043ace73614d8aadcd05ae57934bc6c4aa286317

Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext