General
Target: f0448057429e7ebf81a339b6f9794ebb6eaeaa94887f393aeaedb28d0f9123f7
Size: 242KB
Sample: 220809-kk4xraffbl
MD5: 28ed896d0a53dd6270680aa99b05cbaf
SHA1: 1520bae540d09edeadb5c0cca95be7b9da45bc07
SHA256: f0448057429e7ebf81a339b6f9794ebb6eaeaa94887f393aeaedb28d0f9123f7
SHA512: bdf808f222121fb3cb1796604e40cc88281f57f4b7c3d5dcedd2221ded2d93b80e14d76eadc260bb9d83ec4935561b0c6d4e70a0a061fa83b37621ee3cb31e4e
Static task
static1
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
Target: f0448057429e7ebf81a339b6f9794ebb6eaeaa94887f393aeaedb28d0f9123f7
XMRig Miner payload
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext