General
Target: 7265f0b72b4dccdb04f9be7a9c7e5065528cd0804876e6fdadab127ed9d1b90f
Size: 242KB
Sample: 220809-frfraaddan
MD5: 5fae179f627ceb8f4a6d3effe9e70f93
SHA1: 217b759415979050ced5d6d15fd1a971fcde1007
SHA256: 7265f0b72b4dccdb04f9be7a9c7e5065528cd0804876e6fdadab127ed9d1b90f
SHA512: e6d0e3253029f41051850f2e9bbfe4e06ac76039346bd7e3489ccbe596d960b857ca984e9cef1cfa68eb425fe4fedadbb66acb0854a732f5c851b3975cdc5bdc
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 7265f0b72b4dccdb04f9be7a9c7e5065528cd0804876e6fdadab127ed9d1b90f
XMRig Miner payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext