General
Target: 2fed0edd61ada35d4cc3d8c18e47f52e845dbb668b91ec0518c0dee12e3313b5
Size: 313KB
Sample: 220620-nlynxafac8
MD5: 2ef63c72b793d5a7646e9ccf528f502c
SHA1: 571541e8e638f4d464c38c0410b3e29e8710e992
SHA256: 2fed0edd61ada35d4cc3d8c18e47f52e845dbb668b91ec0518c0dee12e3313b5
SHA512: de0e7bb0a7580edab9327b9cd9cd85b85d5261a5a9d0d4678159bb44ac13774c7332de0fa4a2db16285a90362c9bd5ef18ac384857d541c1c3eb8dee646ce903
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
XMRig Miner Payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext