General
Target: 7e3e81a13733a9ebdaf5ef29870ba56c057bb4b9f7b73d0a79d54633ecc27d49
Size: 240KB
Sample: 220809-qab2waccf2
MD5: 64d80bdb4233a01f632fa458a005bad5
SHA1: a5f9ab9c64437510b3892faa041e3b37167c722e
SHA256: 7e3e81a13733a9ebdaf5ef29870ba56c057bb4b9f7b73d0a79d54633ecc27d49
SHA512: 7db52c305ce956be1235a07d3956787709cfcc4d4f339012ccd9c9d9fd45fc80eed139f40dd4de34f1cd1245d03b5fe992d79659ecddd7de9604e4cedef020e2
Static task: static1

Malware Config
Extracted: tofsee
Domains: svartalfheim.top, jotunheim.name
Targets
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext