General
Target: b6fbffbe379b8f8e7691790a96eca98200a72a2fb4ebfaec1405535e76ed4ebf
Size: 244KB
Sample: 220809-cgmv3abccq
MD5: 94b4af3871ea66ef0b1c5920ec7f327c
SHA1: 226579b29b51dada1b99b1cc0b298bd447963d6e
SHA256: b6fbffbe379b8f8e7691790a96eca98200a72a2fb4ebfaec1405535e76ed4ebf
SHA512: 5d9b909354e64811894dd19f45ea5354ec862374d68075430dc024c15d112ee57e9ed6c602bb67ca0171eaf4a7865f25c28c57f7987796f3cf80b67d47dbc3dc
Static task: static1

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
Target: b6fbffbe379b8f8e7691790a96eca98200a72a2fb4ebfaec1405535e76ed4ebf
Size: 244KB
MD5: 94b4af3871ea66ef0b1c5920ec7f327c
SHA1: 226579b29b51dada1b99b1cc0b298bd447963d6e
SHA256: b6fbffbe379b8f8e7691790a96eca98200a72a2fb4ebfaec1405535e76ed4ebf
SHA512: 5d9b909354e64811894dd19f45ea5354ec862374d68075430dc024c15d112ee57e9ed6c602bb67ca0171eaf4a7865f25c28c57f7987796f3cf80b67d47dbc3dc
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext