General
Target: 67276ea315c4611e56a18ea101a6b27469386a7592364fdfa9289e13b967a323
Size: 164KB
Sample: 210926-n6npfaegh4
MD5: c5ced48e65de6d707160b2e71df898f2
SHA1: 0c4101e6c378d70d6e145516ff46b443aff92ea4
SHA256: 67276ea315c4611e56a18ea101a6b27469386a7592364fdfa9289e13b967a323
SHA512: 57c5a7483fc31362d691af236d3f371668aa6b3031a8e4108ebf5d8f3992bec7a00b6755e6471f9568b368aa88b1154874aaa0d50fc3c38fb74a25f2240ceacf
Static task
static1
Malware Config
Targets
Target: 67276ea315c4611e56a18ea101a6b27469386a7592364fdfa9289e13b967a323
-
- XMRig Miner Payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext