General
Target: 750fb1c0adbd3e75a4a398fbc8b185274dd08a662529fe72b962ed7f50b6afb2
Size: 313KB
Sample: 220620-mf2myaeef4
MD5: 8c59fd44034638f1bb8faf8e176f9957
SHA1: db22814dda7aa3052159970207ef04c81f489796
SHA256: 750fb1c0adbd3e75a4a398fbc8b185274dd08a662529fe72b962ed7f50b6afb2
SHA512: b02ade51044ab436ee21118bd4ab3029feaf22d0e8e44d96eb9462f0ea462634614c4d452c33f37ebbb6f92cee16e45cdcb526ccae561064391b3b6df508a4b9
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext