General
- Target: 3728e0bb98df94d8806e0290e9aebd2e61fd32b418858dc3b13792b6c1798fb8
- Size: 279KB
- Sample: 220808-ycvk1afbfl
- MD5: d273478c221b76f18b588298b3678155
- SHA1: 5825e3a95c4596414d321834b39f228221fed389
- SHA256: 3728e0bb98df94d8806e0290e9aebd2e61fd32b418858dc3b13792b6c1798fb8
- SHA512: bfeea9d43d5cebec74e2e56b4065f67952eab95ce9db819386c6f643fea4eb4603a772804abbf4d167b3c47fdfd8d6dc94bf047977f76a710d21887bcba3bb69
Static task
- static1

Malware Config
Extracted
- tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 3728e0bb98df94d8806e0290e9aebd2e61fd32b418858dc3b13792b6c1798fb8
- Size: 279KB
- MD5: d273478c221b76f18b588298b3678155
- SHA1: 5825e3a95c4596414d321834b39f228221fed389
- SHA256: 3728e0bb98df94d8806e0290e9aebd2e61fd32b418858dc3b13792b6c1798fb8
- SHA512: bfeea9d43d5cebec74e2e56b4065f67952eab95ce9db819386c6f643fea4eb4603a772804abbf4d167b3c47fdfd8d6dc94bf047977f76a710d21887bcba3bb69

- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext