General
Target: fff6892047a5f1e27f76a8a5880e1f47f88d541f7f84ecccf0680b444cf58c48
Size: 241KB
Sample: 220809-zvtxvshgb9
MD5: 8cb57c7593e7642a0e5e93ae995b7c69
SHA1: 82740cfc32b1a4fc9290da572f777b1ccd7d05f1
SHA256: fff6892047a5f1e27f76a8a5880e1f47f88d541f7f84ecccf0680b444cf58c48
SHA512: 24e88fe29bd5448919874314ce1c5b77acc4b0473de42dcf9c43bdafaf53fb30b06ed627e7702c7c417e9bf3cde64d738f81b9dd7a23695f6160e6e44f9e34fd
Static task: static1
Malware Config
Extracted family: tofsee
Extracted hosts:
- svartalfheim.top
- jotunheim.name
Targets
Target: fff6892047a5f1e27f76a8a5880e1f47f88d541f7f84ecccf0680b444cf58c48 (241KB; same file as under General, hashes listed there)
Signatures:
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext
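A hunting script built from this report, added here as an example; it is not part of the original report or of the sandbox's own tooling. The hashes and the two extracted hosts are copied from the report. Everything else is assumed: the simplified Sysmon-style event shape, the registry path used for the "Sets service image path" rule, the `netsh advfirewall` command used for the "Modifies Windows Firewall" rule, and the service/file name `examplesvc`, because the report names which signatures fired but not how the sample triggered them. The telemetry at the bottom is constructed so the script runs offline.

```python
"""Hunt for the indicators and behaviours listed in the sandbox report above.

Added example, not taken from the report or from the sandbox. Event records
are CONSTRUCTED to resemble a simplified Sysmon export; the field names, the
registry path, the netsh command line and the name "examplesvc" are
assumptions, since the report only names the signatures that fired.
"""
import hashlib
import re
from collections import defaultdict

# Indicators copied verbatim from the report.
IOC_HASHES = {
    "md5": "8cb57c7593e7642a0e5e93ae995b7c69",
    "sha1": "82740cfc32b1a4fc9290da572f777b1ccd7d05f1",
    "sha256": "fff6892047a5f1e27f76a8a5880e1f47f88d541f7f84ecccf0680b444cf58c48",
    "sha512": "24e88fe29bd5448919874314ce1c5b77acc4b0473de42dcf9c43bdafaf53fb30b06ed627e7702c7c417e9bf3cde64d738f81b9dd7a23695f6160e6e44f9e34fd",
}
IOC_DOMAINS = {"svartalfheim.top", "jotunheim.name"}

# Assumed locations: a service ImagePath value and an executable written under System32.
SERVICE_IMAGE_PATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
SYSTEM32_EXE = re.compile(r"^C:\\Windows\\System32\\.+\.exe$", re.I)
NETSH_FIREWALL = re.compile(r"\bnetsh(\.exe)?\s+(advfirewall|firewall)\b", re.I)


def rule_service_image_path(ev):
    return ev["type"] == "registry_set" and bool(SERVICE_IMAGE_PATH.match(ev["target"]))


def rule_firewall(ev):
    return ev["type"] == "process_create" and NETSH_FIREWALL.search(ev["cmdline"]) is not None


def rule_drop_system32(ev):
    return ev["type"] == "file_create" and bool(SYSTEM32_EXE.match(ev["target"]))


def rule_c2_dns(ev):
    # Trailing dot handles FQDN form; the report lists the hosts without one.
    return ev["type"] == "dns_query" and ev["target"].lower().rstrip(".") in IOC_DOMAINS


def rule_hash_match(ev):
    return ev["type"] == "process_create" and ev.get("sha256", "").lower() == IOC_HASHES["sha256"]


# Rule names reuse the report's signature wording where one exists.
RULES = [
    ("Sets service image path in registry", rule_service_image_path),
    ("Modifies Windows Firewall", rule_firewall),
    ("Drops file in System32 directory", rule_drop_system32),
    ("Tofsee config host contacted", rule_c2_dns),
    ("Known sample hash executed", rule_hash_match),
]


def hunt(events):
    """Return {rule name: [event ids]} for every rule that fires on the events."""
    hits = defaultdict(list)
    for ev in events:
        for name, pred in RULES:
            if pred(ev):
                hits[name].append(ev["id"])
    return dict(hits)


def hash_file_bytes(data):
    """Compute the four digests the report lists, for comparison with IOC_HASHES."""
    return {alg: getattr(hashlib, alg)(data).hexdigest() for alg in IOC_HASHES}


def matches_report(data):
    """True only if every digest of `data` equals the report's value."""
    return hash_file_bytes(data) == IOC_HASHES


# Constructed telemetry (not real logs); "examplesvc" is a placeholder name.
SAMPLE_EVENTS = [
    {"id": 1, "type": "process_create", "cmdline": r"C:\Users\u\Downloads\inv.exe",
     "sha256": IOC_HASHES["sha256"]},
    {"id": 2, "type": "registry_set",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\examplesvc\ImagePath"},
    {"id": 3, "type": "process_create", "sha256": "",
     "cmdline": r'netsh advfirewall firewall add rule name="svc" dir=in action=allow '
                r'program="C:\Windows\System32\examplesvc.exe"'},
    {"id": 4, "type": "file_create", "target": r"C:\Windows\System32\examplesvc.exe"},
    {"id": 5, "type": "dns_query", "target": "svartalfheim.top"},
    {"id": 6, "type": "dns_query", "target": "www.microsoft.com"},
    {"id": 7, "type": "registry_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\foo"},
    {"id": 8, "type": "file_create", "target": r"C:\Users\u\AppData\Local\Temp\x.tmp"},
]

if __name__ == "__main__":
    for sig, ids in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{sig}: events {ids}")
```

Events 6 to 8 are benign controls and should produce no hits; `matches_report` is the check to run against a suspect file on disk before assuming it is this sample, since all four digests must agree.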