General
Target: 4e2afa1d29fc867fbce8db5902f41b82b9c1fe97310e7e47c6a14f51a53a68f9
Size: 242KB
Sample: 220809-g1ee9aeagl
MD5: f846d3e6c60855e11a50994ba426a8d9
SHA1: 5f550f812613a85ea35dd28cd35d146f87f42c83
SHA256: 4e2afa1d29fc867fbce8db5902f41b82b9c1fe97310e7e47c6a14f51a53a68f9
SHA512: d5911bd82d86713ca1529057e1c1b447ddaf44faae9c7d5ba503606ba364cf760865bf475b402a49d6749afd6bc5a35e5fc6e2ac1187346f6d72c78d02c6928b
Static task: static1
Malware Config (Extracted)
Family: tofsee
C2: svartalfheim.top
C2: jotunheim.name
Targets
Target: 4e2afa1d29fc867fbce8db5902f41b82b9c1fe97310e7e47c6a14f51a53a68f9 (hashes as listed under General above)
Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext