General
Target: 7771baca230cbf7a7b21ec28e6b5c79377d9a17c32b0fbefdad25bda9f32de58
Size: 306KB
Sample: 220619-s7k26ahef8
MD5: 9a2f50da057a43097663ae5bd246cac1
SHA1: 7852a7ef56f9eff04f0560a7c440d2072ff0f57d
SHA256: 7771baca230cbf7a7b21ec28e6b5c79377d9a17c32b0fbefdad25bda9f32de58
SHA512: 04613b608cf2b546206b882e7c2a10c2268581df2429ab90f91e9df304e531a81786b4b88e24d1d56c0870de3604e3fe1276b8c6408dcccb53555766c77fb11f
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext