General
- Target: d91c94a9bfa7af3fc6f147716a0c910551355764f1ee2ade6fe81ba73053b434
- Size: 306KB
- Sample: 220619-pqq1asedhl
- MD5: 733170e83d858fe9087f9fd58f4bbbab
- SHA1: 4841c59c55bae21493b6d55b8b1d717d5715ee8d
- SHA256: d91c94a9bfa7af3fc6f147716a0c910551355764f1ee2ade6fe81ba73053b434
- SHA512: 326803cb405eaa1e1eecf2456cc6479266d07ea4a1ed85e3d592f3973d12ee4daacf9728208103f8e99d945dd1220eb728d573987ca356cef218bd070ee041b3
Static task: static1
Malware Config
- Extracted family: tofsee
- Extracted domains: svartalfheim.top, jotunheim.name
Targets
- Target: d91c94a9bfa7af3fc6f147716a0c910551355764f1ee2ade6fe81ba73053b434 (same sample; size and hashes as listed under General)
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext