General
- Target: 19d5fd9af48ad0c0f64334a459574cc4764cf81cef33245399a24691ec0f33f7
- Size: 307KB
- Sample: 220619-pfkqjaedeq
- MD5: 740f7e1a4e0b8a482b23ebdfbf4d2494
- SHA1: e35d8811f13b7ca8da6f2c71da6509fee4c9774a
- SHA256: 19d5fd9af48ad0c0f64334a459574cc4764cf81cef33245399a24691ec0f33f7
- SHA512: 5964e979a921a41a9e07ff5b68e1eb65754ed34c389af1bd418adbeb4dadce7a620b6d49d171209b60407453c658d7414de7d8bcb66972abd0e81f0029d04de1
Static task
- static1

Malware Config
Extracted
- tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 19d5fd9af48ad0c0f64334a459574cc4764cf81cef33245399a24691ec0f33f7
- Size: 307KB
- MD5: 740f7e1a4e0b8a482b23ebdfbf4d2494
- SHA1: e35d8811f13b7ca8da6f2c71da6509fee4c9774a
- SHA256: 19d5fd9af48ad0c0f64334a459574cc4764cf81cef33245399a24691ec0f33f7
- SHA512: 5964e979a921a41a9e07ff5b68e1eb65754ed34c389af1bd418adbeb4dadce7a620b6d49d171209b60407453c658d7414de7d8bcb66972abd0e81f0029d04de1
Signatures
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext