General
Target: 78ec555c0849158dc26f0df098b76f2cbc84318fadca4cdf8bb61c2aef930796
Size: 242KB
Sample: 220809-lk437aaba5
MD5: 4a9dfa01933ea6b24990a979552fa3b7
SHA1: 6dc87a1aeeef46f96347422dc0bd74a0a2c62d69
SHA256: 78ec555c0849158dc26f0df098b76f2cbc84318fadca4cdf8bb61c2aef930796
SHA512: 57d2b8cbdc5bfe93ef554c180bb27e96c1fbb9f9686c8cdc7b1ac26c4044c5ad09356fb1c86bb98bf6a72049d152b48b5dab6f2bfcbd244055e55eeb7758e007
Static task: static1

Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext