General
Target: 2f2baa2364b7d06d0053295e4143c8d687dbf20b2cae37d91649b41cafe37b5c
Size: 241KB
Sample: 220809-mq6pmshaem
MD5: a1dd595c9b0ecc88a80051fec0439814
SHA1: fb76ddaf92535ad2ee007a2a2e8b732b1d0988dd
SHA256: 2f2baa2364b7d06d0053295e4143c8d687dbf20b2cae37d91649b41cafe37b5c
SHA512: c65936f9da36ea3c14aeb76ecec056277a6353d465dee214f02a2fdd743db2255bb52321e51084a4270b332d2d5eb9a885af3e3324c061f8bb556e74cf2a3588
Static task: static1
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext